Hi There,

I have a Cisco ISE Guest add-on product i developed, which integrates using the Guest API from v1.3, and auto-logins guests via some different iframe calls to the ISE guest portal. which i have deciphered by looking at the ISE guestportal login flow of HTTP GETs and POSTs and so on, and then duplicated these in my own PHP/Javascript code. This has been working fine through all versions since the Guest API was released. However since i started working with ISE 2.0, i am getting nowhere, as Cisco has chosen to put this little nugget in the http headers :

"X-frame-origins=SAMEORIGIN", which means the page on my external portal server, can no longer do any kind of iframe loads from the ise guestportal, as they are not on the same site :-(

Since i have no way of modifiying the headers from ISE, does anyone have an idea how sso type solutions would be possible now ? I have seen that there is supposed to support for SAML for the guest portal now, which is one route i could investigate, hpowever Cisco claims this only works with Oracle Access Manager SAML solution...not really something i wan't to get into for a simple guest login solution.

Also, the flow seems to require a portalsessionid now, which is not part of the initial url, but somehow created with the javascript on the ise guestportal, which i can't use, as it is loaded in an iframe, and if i try to load it into my own page, it fails as javascript ressourcers are not allowed to be loaded from another site :-(

Any suggestions ?