10-17-2015 01:06 PM
Hi There,
I have a Cisco ISE Guest add-on product I developed, which integrates using the Guest API from v1.3 and auto-logins guests via some different iframe calls to the ISE guest portal, which I have deciphered by looking at the ISE guestportal login flow of HTTP GETs and POSTs and so on, and then duplicated these in my own PHP/JavaScript code. This has been working fine through all versions since the Guest API was released. However, since I started working with ISE 2.0, I am getting nowhere, as Cisco has chosen to put this little nugget in the HTTP headers:
"X-frame-origins=SAMEORIGIN", which means the page on my external portal server can no longer do any kind of iframe loads from the ISE guestportal, as they are not on the same site :-(
Since I have no way of modifying the headers from ISE, does anyone have an idea how SSO-type solutions would be possible now? I have seen that there is supposed to be support for SAML for the guest portal now, which is one route I could investigate; however, Cisco claims this only works with the Oracle Access Manager SAML solution... not really something I want to get into for a simple guest login solution.
Also, the flow seems to require a portalsessionid now, which is not part of the initial URL, but somehow created with the JavaScript on the ISE guestportal, which I can't use, as it is loaded in an iframe, and if I try to load it into my own page, it fails, as JavaScript resources are not allowed to be loaded from another site :-(
Any suggestions?
10-17-2015 01:08 PM
Sorry, what I meant to say was of course "x-frame-options:SAMEORIGIN"
10-17-2015 01:22 PM
Just to clarify, I am not just suggesting that this is the reason: I installed a Firefox plugin in my browser that removes the x-frame-options from the stream, and everything works as before ISE 2.0. I haven't changed a single line of code.
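
The framing decision a browser makes for the `x-frame-options: SAMEORIGIN` header discussed in this thread, as an added example that is not part of the original posts or any Cisco code. The host names are constructed placeholders, and the model is simplified: it checks only the top-level embedding page and does not handle wildcard or scheme-only `frame-ancestors` sources.

```javascript
// Added example: evaluates whether a response may be rendered in an iframe
// on a given embedding page, based on its anti-clickjacking headers.

function originOf(url) {
  return new URL(url).origin; // scheme + host + port
}

// headers: plain object of response headers (constructed sample input).
// Returns { allowed: boolean, reason: string }.
function canFrame(headers, resourceUrl, embedderUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const self = originOf(resourceUrl);
  const parent = originOf(embedderUrl);

  // A CSP frame-ancestors directive, when present, replaces X-Frame-Options.
  const csp = h['content-security-policy'];
  if (csp) {
    for (const directive of csp.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      const ok = sources.some((s) => {
        if (s === "'none'") return false;
        if (s === "'self'") return parent === self;
        if (s === '*') return true;
        try { return originOf(s) === parent; } catch { return false; }
      });
      return { allowed: ok, reason: 'csp frame-ancestors' };
    }
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'x-frame-options DENY' };
  if (xfo === 'SAMEORIGIN') {
    return { allowed: parent === self, reason: 'x-frame-options SAMEORIGIN' };
  }
  return { allowed: true, reason: 'no framing policy' };
}

// Constructed placeholders for the guest portal and the external portal page.
const GUEST_PORTAL = 'https://ise.example.com:8443/guest';
const EXTERNAL_PAGE = 'https://portal.example.net/login.php';
```
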