Configuring X-Frame-Options

Last Updated : Oct 16, 2023

About this task

For security reasons, the default deployment of Active Directory Federation Services (AD FS) blocks other applications from displaying its pages inside an iFrame. To ensure that the single sign-on (SSO) process succeeds when the AD FS sign-in page is framed, you must configure X-Frame-Options. For example, if Salesforce integrates with Avaya Workspaces, you must configure X-Frame-Options for SSO to succeed.

Before you begin

  • Ensure that AD FS 2016 or later is installed.

    Note:

    To customize the HTTP security response headers in AD FS 2016, install the kb4493473 and kb4507459 Windows 10 OS updates.

  • Ensure that the Avaya Experience Platform™ (On-Prem + Connect) metadata is imported into AD FS and configured as a trusted party.

Procedure

  1. On the AD FS server, open the PowerShell command window.
  2. To configure X-Frame-Options, do the following:
    1. Modify the Content-Security-Policy response header so that only the listed domains are allowed to frame the AD FS pages. Replace <your company domain> with your own domain:

      Set-AdfsResponseHeaders -SetHeaderName "Content-Security-Policy" -SetHeaderValue "frame-ancestors 'self' *.lightning.force.com *.my.salesforce.com *.dynamics.com *.service-now.com *.avayacloud.com *.avaya.com *.<your company domain> 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;"

      Note:

      The frame-ancestors directive accepts only host and scheme sources, 'self' and 'none'. Browsers ignore 'unsafe-inline' and 'unsafe-eval' in that directive, so they do not affect which domains may frame the page. The command replaces the whole Content-Security-Policy value that AD FS previously sent, so check the result with Get-AdfsResponseHeaders after you run it.

    2. Modify the X-Frame-Options response header so that a browser renders the AD FS page in an iFrame only when the framing page has the same origin:

      Set-AdfsResponseHeaders -SetHeaderName "X-Frame-Options" -SetHeaderValue "SAMEORIGIN"

      Note:

      When a response carries a Content-Security-Policy header with a frame-ancestors directive, browsers that support that directive ignore X-Frame-Options. The SAMEORIGIN value therefore only takes effect in older browsers; for the domains listed in step 1, the frame-ancestors directive is what permits framing.
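The following script is an added example and is not part of the Avaya page or of AD FS itself. It performs the two steps above in a form that is easier to maintain: the allowed framing domains live in one array, the frame-ancestors directive is built from that array, and the live headers are fetched from the federation service afterwards to confirm what browsers will actually receive. It goes beyond the page in one respect: it keeps a default-src directive alongside frame-ancestors, because setting Content-Security-Policy replaces the whole header value, and AD FS's own sign-in pages rely on inline script (assumption: your AD FS build ships with the same default-src value shown here). The hostname fs.example.com, the *.example.com entry, and the ResponseHeaders property name on the Get-AdfsResponseHeaders output are assumptions to adjust for your deployment.

```powershell
# Added example (not the Avaya page's or Microsoft's code): configure and verify the
# AD FS response headers that control framing. Run in an elevated PowerShell
# session on the AD FS server.
param(
    # Placeholder federation service hostname; replace with your own.
    [string]$FsHost = 'fs.example.com',
    # Domains allowed to embed the AD FS sign-in page. '*.example.com' stands in
    # for <your company domain>.
    [string[]]$AllowedFrameAncestors = @(
        '*.lightning.force.com', '*.my.salesforce.com',
        '*.dynamics.com',        '*.service-now.com',
        '*.avayacloud.com',      '*.avaya.com',
        '*.example.com'
    )
)

# frame-ancestors takes only host/scheme sources, 'self' and 'none'. Script-related
# keywords belong in default-src; the value below mirrors the header AD FS 2016
# sends by default (assumption), so the sign-in page's inline script keeps working.
$frameAncestors = "frame-ancestors 'self' " + ($AllowedFrameAncestors -join ' ')
$csp = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; $frameAncestors;"

# Custom response headers must be enabled before individual headers take effect.
Set-AdfsResponseHeaders -EnableResponseHeaders $true
Set-AdfsResponseHeaders -SetHeaderName 'Content-Security-Policy' -SetHeaderValue $csp
Set-AdfsResponseHeaders -SetHeaderName 'X-Frame-Options'         -SetHeaderValue 'SAMEORIGIN'

# What AD FS now has on record (ResponseHeaders property name is an assumption).
Write-Host '--- Configured headers ---'
(Get-AdfsResponseHeaders).ResponseHeaders

# Verify on the wire. Any AD FS page that returns HTML will do; a non-2xx status
# (for example, IdP-initiated sign-on disabled) still carries the headers, so the
# error response is read from the exception in that case.
try {
    $resp = Invoke-WebRequest -Uri "https://$FsHost/adfs/ls/idpinitiatedsignon" -UseBasicParsing
} catch {
    $resp = $_.Exception.Response
}

$cspLive = $resp.Headers['Content-Security-Policy']
$xfoLive = $resp.Headers['X-Frame-Options']
Write-Host '--- Headers received by the browser ---'
Write-Host "Content-Security-Policy: $cspLive"
Write-Host "X-Frame-Options:         $xfoLive"

# The directive that decides framing in current browsers is frame-ancestors;
# warn if it is missing or lacks one of the domains we intended to allow.
if ($cspLive -notmatch 'frame-ancestors') {
    Write-Warning 'No frame-ancestors directive on the wire; framing will still be blocked.'
} else {
    foreach ($domain in $AllowedFrameAncestors) {
        if ($cspLive -notlike "*$domain*") {
            Write-Warning "frame-ancestors does not include $domain"
        }
    }
}
```

Run the script once with the defaults to see the configured and live header values, then again with -AllowedFrameAncestors set to your own list. Keeping the domain list as a parameter means a later change (adding a second Salesforce domain, removing one no longer in use) is a one-line edit rather than a hand-built header string.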