disturbedone
Vendor
This may or may not be the best place to post this but I'll give it a go. Although the issue is on Win7 it is also related to Internet Explorer and also Group Policies in a domain environment.
We are a school and use an externally hosted web-based application as a portal (Blackboard) for staff/students/parents. We aim to use it as the single entry point for users and give them access to a multitude of other web-based applications ie we don't want links opening dozens of additional tabs/windows showing many URLs which may confuse users. To do this we have made applications open within frames so that the user still sees the main portal but content is displayed below all the main menus. We use ADFS for SSO using SAML and this logs users in to all of these web-based applications automatically.
Generally this works. We had teething issues initially but now things work well. The issues were resolved by configuring security/privacy settings in IE to allow things to work - local intranet, trusted sites, cookies etc. Yesterday an issue arose and I can't work out how to resolve it.
Things to note:
[ul]
[li]This is only an issue on domain Windows computers. Personal Windows devices do not have the issue.[/li]
[li]This is only an issue with IE. Chrome does not have the issue. I am using IE11.[/li]
[/ul]
The issue:
[ul]
[li]User opens IE and browses to the Blackboard website. SSO authenticates them immediately.[/li]
[li]User clicks link to open the 2nd app (Synergetic Community Portal). This opens the Community Portal web page within a frame. SSO authenticates the user to Synergetic automatically.[/li]
[li]User browses to the page within Community Portal to view student reports. This displays student information correctly.[/li]
[li]User clicks a link to open the PDF report. This opens a new tab and displays an error (generated by the CommPortal website) saying "Authentication failure - This can be due to a session timeout so please attempt to log out then back in again."[/li]
[li]If the link to the report is changed to open the PDF in the same frame then it displays correctly. The problem is that it's not user friendly to navigate away from the report as all the CommPortal menus have disappeared.[/li]
[li]The Blackboard and CommPortal URLs are in the 'Local intranet' zone. [/li]
[li]Privacy settings override automatic cookie handling, accept first-party cookies, block third-party cookies and always allow session cookies. All of these settings have been changed with no effect. These only affect the 'Internet' zone anyway.[/li]
[/ul]
It appears to be an issue with the handling of cookies from iframes. When a new tab/window is opened it isn't taking the SSO cookie across to say that the user is already authenticated.
Any ideas how to resolve this? It's obviously (I think) an issue with the security/privacy settings in IE because it only occurs on domain computers and not personal ones but what setting is it?
We are a school and use an externally hosted web-based application as a portal (Blackboard) for staff/students/parents. We aim to use it as the single entry point for users and give them access to a multitude of other web-based applications ie we don't want links opening dozens of additional tabs/windows showing many URLs which may confuse users. To do this we have made applications open within frames so that the user still sees the main portal but content is displayed below all the main menus. We use ADFS for SSO using SAML and this logs users in to all of these web-based applications automatically.
Generally this works. We had teething issues initially but now things work well. The issues were resolved by configuring security/privacy settings in IE to allow things to work - local intranet, trusted sites, cookies etc. Yesterday an issue arose and I can't work out how to resolve it.
Things to note:
[ul]
[li]This is only an issue on domain Windows computers. Personal Windows devices do not have the issue.[/li]
[li]This is only an issue with IE. Chrome does not have the issue. I am using IE11.[/li]
[/ul]
The issue:
[ul]
[li]User opens IE and browses to the Blackboard website. SSO authenticates them immediately.[/li]
[li]User clicks link to open the 2nd app (Synergetic Community Portal). This opens the Community Portal web page within a frame. SSO authenticates the user to Synergetic automatically.[/li]
[li]User browses to the page within Community Portal to view student reports. This displays student information correctly.[/li]
[li]User clicks a link to open the PDF report. This opens a new tab and displays an error (generated by the CommPortal website) saying "Authentication failure - This can be due to a session timeout so please attempt to log out then back in again."[/li]
[li]If the link to the report is changed to open the PDF in the same frame then it displays correctly. The problem is that it's not user friendly to navigate away from the report as all the CommPortal menus have disappeared.[/li]
[li]The Blackboard and CommPortal URLs are in the 'Local intranet' zone. [/li]
[li]Privacy settings override automatic cookie handling, accept first-party cookies, block third-party cookies and always allow session cookies. All of these settings have been changed with no effect. These only affect the 'Internet' zone anyway.[/li]
[/ul]
It appears to be an issue with the handling of cookies from iframes. When a new tab/window is opened it isn't taking the SSO cookie across to say that the user is already authenticated.
Any ideas how to resolve this? It's obviously (I think) an issue with the security/privacy settings in IE because it only occurs on domain computers and not personal ones but what setting is it?
