Hi everyone.
Does looker support sso for embeded dashboards in Safari and IE10+?
SSO and embeding dashboard in Safari and IE10+
Userlevel 2
- Looker Staff
- 24 replies
-
6 October 2015
Hey Michal,
Yes we have our official support for different browsers located here:
So you should be good to go for Safari and IE10+ as I believe IE11 is the most recent version.
Have a good day,
Ian Ross
Sso works in Chrome and Mozilla, but fails at IE11 and Safari 9. Have you got any idea why?
Userlevel 4
Hey Michal,
I was able to get SSO to work on all browsers, with IE untested - as I’m on a mac. What errors are you running into with Safari 9?
We build url to the dashboard using the following example: https://github.com/looker/looker_embed_sso_examples/blob/master/java_example.java
Now, we put the url into iframe src attribute.
As I mentioned before, the iframe build in our web page works on Chrome and Mozilla. Thus we are automatically logged into looker and the dashboard is displayed in iframe.
We still have problems on IE11 (Windows7) and Safari 9 (OS X El Capitan).
We have analysed the request for iframe embeded dashboard in IE11 and scenario reads as follows:
- on the request for iframe embeded url, namely: ourdomainname.looker.com/embed/sso/dashboards/8/…
- on the response:
a) cookies are sent from server to browser
and
b) we are redirected to: ourdomainname.looker.com/embed/sso/dashboards/8/ due to Location attribute,
but NO cookies are sent in the request header
In consequence on Safari and IE10+ login page is displayed in the iframe so we have to login manually - SSO is broken due to lack of Cookies on request.
I must mention that our web page and embeded iframe have different domains so they violate the same origin policy
Userlevel 4
Curious, are there any javascript errors in the browser console during the redirect?
I don’t believe the iframe src url and web page need to have the same domain, as when I test SSO I’m hosting an HTTPS server on my localhost and pulling from a Looker instance with a non-localhost domain.
I have a similar issue. Our embedded Looker dashboards and looks work fine in Chrome but I get a 401 “You are not authenticated to view this page” error on Safari 9 running on OS X Yosemite. Any help appreciated!
Userlevel 4
Hey Kashif,
I was able to succeed in getting my SSO to work on Safari 9 on Yosemite and El Capitan. Where are you placing the url, in an iframe?
One other thing to check is Safari’s cookie settings as it’s possible for Safari to be blocking cookies.
Hi Zach, allowing all cookies in Safari seems to have addressed this issue. Thanks!
the issue seems to be that safari has the above preferences set by default. “always allowed” is required to sso into looker from an iframe. this pretty much breaks Powered By Looker for any non-Looker user… I wonder if there would be some sort of workaround where we could redirect traffic through X.looker.com to the site doing the embedding, in certain cases?
also, this one took me awhile to debug - i wish there was some mechanism to broadcast failed authentication events so we could see when this happens Looker API
Userlevel 4
looker.co.com and embed it on co.com. This might not be ideal in some cases, but this is the only way around it for now (other than changing your security settings).
great point - thanks
also, I solved the issue somewhat hackily with some code like this (only happens on Safari/IE the first time):
window.looker_popup = window.open("https://custom.looker.com");
setTimeout("window.looker_popup.close();location.reload();", 500);
it’s a janky user interaction, but it allows Looker to set a cookie and allows the iframe to authenticate
Userlevel 4
Ah, my fault
Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.