Question

SSO and embeding dashboard in Safari and IE10+


Hi everyone.

Does looker support sso for embeded dashboards in Safari and IE10+?


15 replies

great point - thanks @Zam . i was under the impression you had to be self-hosted to use a custom domain. is that true? if not, is there a good reference on how we should configure our DNS to enable a custom subdomian pointed at Looker?


also, I solved the issue somewhat hackily with some code like this (only happens on Safari/IE the first time):


window.looker_popup = window.open("https://custom.looker.com");
setTimeout("window.looker_popup.close();location.reload();", 500);

it’s a janky user interaction, but it allows Looker to set a cookie and allows the iframe to authenticate

@justinkrause @Zam FYI, it is possible to use a custom domain on a Looker-hosted instance (at least as of 2018). Work with your Customer Success rep to receive the DNS configuration params.

Userlevel 4
Badge

Hey Michal,


I was able to get SSO to work on all browsers, with IE untested - as I’m on a mac. What errors are you running into with Safari 9?

Userlevel 4
Badge

Curious, are there any javascript errors in the browser console during the redirect?


I don’t believe the iframe src url and web page need to have the same domain, as when I test SSO I’m hosting an HTTPS server on my localhost and pulling from a Looker instance with a non-localhost domain.

Userlevel 4
Badge

Hey Kashif,


I was able to succeed in getting my SSO to work on Safari 9 on Yosemite and El Capitan. Where are you placing the url, in an iframe?


One other thing to check is Safari’s cookie settings as it’s possible for Safari to be blocking cookies.

Userlevel 4
Badge

@justinkrause Another way to workaround the IE issue is by hosting Looker on a subdomain of the domain you’re embedding on. E.g. put Looker on looker.co.com and embed it on co.com. This might not be ideal in some cases, but this is the only way around it for now (other than changing your security settings).

Userlevel 4
Badge

Ah, my fault @justinkrause I did not even think to look at whether Looker hosted you or not. That is correct that you’d have to self-host to take our approach. A+ on that alternate work around though!

Userlevel 2

Hey Michal,


Yes we have our official support for different browsers located here:




So you should be good to go for Safari and IE10+ as I believe IE11 is the most recent version.


Have a good day,

Ian Ross

I have a similar issue. Our embedded Looker dashboards and looks work fine in Chrome but I get a 401 “You are not authenticated to view this page” error on Safari 9 running on OS X Yosemite. Any help appreciated!

Hi Zach, allowing all cookies in Safari seems to have addressed this issue. Thanks!

Sso works in Chrome and Mozilla, but fails at IE11 and Safari 9. Have you got any idea why?

We build url to the dashboard using the following example: https://github.com/looker/looker_embed_sso_examples/blob/master/java_example.java

Now, we put the url into iframe src attribute.

As I mentioned before, the iframe build in our web page works on Chrome and Mozilla. Thus we are automatically logged into looker and the dashboard is displayed in iframe.

We still have problems on IE11 (Windows7) and Safari 9 (OS X El Capitan).

We have analysed the request for iframe embeded dashboard in IE11 and scenario reads as follows:



In consequence on Safari and IE10+ login page is displayed in the iframe so we have to login manually - SSO is broken due to lack of Cookies on request.

I must mention that our web page and embeded iframe have different domains so they violate the same origin policy


the issue seems to be that safari has the above preferences set by default. “always allowed” is required to sso into looker from an iframe. this pretty much breaks Powered By Looker for any non-Looker user… I wonder if there would be some sort of workaround where we could redirect traffic through X.looker.com to the site doing the embedding, in certain cases?

also, this one took me awhile to debug - i wish there was some mechanism to broadcast failed authentication events so we could see when this happens Looker API

Reply