Discourse forum SSO in iframe problem

Hello, I want to iframe the forum inside a website.

The forum will login via SSO. The iframing works correctly. But the SSO process cannot set the login cookie because the ‘samesite lax’ attribute is set at discourses side. Is there anybody who also experience this problem? Or is there anybody that managed to iframe their forum inside a website and connect it via SSO?

Thanks in advance

1 Like

Just letting you know that Discourse does not work well (if at all) in an iframe. So you’re already asking for troubles :wink:

3 Likes

Thanks for the very very quick response :slight_smile:

Hmm okay, well I found a setting in the discourse settings section. This allows the forum to be iframed into another site. This setting works (if you are already logged in and have the cookie).

The only thing which doesn’t work is the sso process. Our sso process works fine and correct when opening the forum in a new tab. But the iframe breaks this process because the cookie with the accesstoken cannot be set due to a different domain. This leads to an endless loop inside of the iframe because discourse can’t find this cookie and starts the sso process again.

As this is very important for us, isn’t there any option to iframe the forum whilst using sso authentication?

The setting is pretty experimental and not really supported in an sso environment. The redirect back would need to do some fancy work to pass all the information back into the frame.

I strongly recommend you just go with a custom header and footer, it is very easy to set it up so it looks like the main site.

3 Likes

Thanks for your reply.

We will try to go with a custom header and footer.
Are there any plans in the nearby future to make the discourseSSO work in an iframe? This feature would come in handy when people want to include a forum in their site without implementing all the API’s from discourse.

What does an iframe have to do with APIs?

Dear Stephan,

We already use the forum with sso inside a webview in an app. We want to integrate the forum in a new website we are building. I believe we have two options for this:

Option 1: implement several api’s (for example retrieving posts, categories and posting to discourse.)

Option 2: iframe the forum in our website in combination with sso. (cost efficient and we can see if the forum is a success prior investing into it)

So to answer your question: the iframe option does not have to do anything with the APIs.

Are there any plans in the nearby future to make the discourseSSO work in an iframe?

1 Like

The SSO protocol redirects to your site, you then perform auth and redirect back to our site.

If one is to setup an IFRAME here, the redirect you perform once you authenticated the user would have to go to your site, it then would have to do some sort of magic to pass the information back into the IFRAME.

This is technically complex and very hard to get right. On the other option of custom footer and header is both technically way simpler to implement, way less error prone and as an added bonus faster cause you are not forced to make 2 separate requests to build up a page.

3 Likes