Troubleshooting Private Embedding + SAML

Knowledge Drop

Last tested: Oct 7, 2020
 

There are several errors and settings to be aware of when using SAML authentication in an iframe for private embedding. To reproduce them, paste the following iframe code into a simple online HTML editor:

<iframe src="https://instance.looker.com/embed/dashboards/[id]" height="500" width="500"></iframe>

401: You are not authenticated to view this page

If you are not already logged in to Looker, accessing the embed URL through the iframe returns this page by default instead of the Authenticate button. To avoid this error, add allow_login_screen=true to the URL:

<iframe src="https://instance.looker.com/embed/dashboards/[id]?allow_login_screen=true" height="500" width="500"></iframe>

Note that even if you are using the sso_bypass_login_page license feature to skip the login page, you will still need to add allow_login_screen=true to avoid an error. You have to allow the login screen before you can bypass it!

Blank page with a 403

With the iframe embedding feature enabled on the IdP side, the iframe may go blank when you hit the Authenticate button: the request to <your_looker_url>/login/saml returns a 403 and no request is made to the IdP. If you see this, check the browser's third-party cookie setting. (Note that if you were SSO embedding, this would result in a 401 response instead.)

[IdP url] Refused to connect with a 303

As of Oct 2020, many IdPs do not allow iframe embedding, so hitting the Authenticate button in an iframe where Looker content is privately embedded will result in a "refused to connect" error.

However, Okta does have a flag called "iframe Embedding" that can be enabled: https://support.okta.com/help/s/question/0D51Y00008W3zGR/okta-sso-using-iframe?language=en_US
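Browsers show "refused to connect" when the framed response forbids framing through its X-Frame-Options header or a Content-Security-Policy frame-ancestors directive. The following is an added example, not Looker or IdP code: it evaluates a response's headers (copied from the browser's network tab) against the embedding page's origin. The hosts and header values are constructed, and the source matching is simplified as noted in the comments.

```javascript
// Added example. Simplified: checks only the direct parent frame; supports 'none',
// 'self', *, scheme-sources (https:), scheme://host and scheme://*.host; no ports/paths.
function sourceMatches(source, responseOrigin, parentOrigin) {
  const s = source.toLowerCase();
  const parent = new URL(parentOrigin);
  if (s === "'none'") return false;
  if (s === "'self'") return parent.origin === new URL(responseOrigin).origin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return parent.protocol === s;
  const m = s.match(/^(https?):\/\/(\*\.)?([^/:*]+)$/);
  if (!m || parent.protocol !== m[1] + ':' || parent.port) return false;
  return m[2] ? parent.hostname.endsWith('.' + m[3]) : parent.hostname === m[3];
}

// Returns { allowed, rule }: may a response from responseOrigin render in an
// iframe embedded by a page on parentOrigin, given its response headers?
function framingVerdict(headers, responseOrigin, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // A CSP frame-ancestors directive, when present, overrides X-Frame-Options.
  const directive = (h['content-security-policy'] || '')
    .split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1); // an empty list behaves like 'none'
    const allowed = sources.some(s => sourceMatches(s, responseOrigin, parentOrigin));
    return { allowed, rule: `frame-ancestors ${sources.join(' ')}`.trim() };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, rule: 'x-frame-options DENY' };
  if (xfo === 'SAMEORIGIN') {
    const same = new URL(parentOrigin).origin === new URL(responseOrigin).origin;
    return { allowed: same, rule: 'x-frame-options SAMEORIGIN' };
  }
  return { allowed: true, rule: 'no framing restriction' };
}

// Constructed headers for a hypothetical IdP login page framed by a hypothetical wiki.
const idp = 'https://idp.example.com', wiki = 'https://wiki.example.com';
for (const headers of [
  { 'X-Frame-Options': 'DENY' },
  { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://*.example.com" },
  { 'Content-Security-Policy': "frame-ancestors 'self'" },
]) console.log(framingVerdict(headers, idp, wiki));
```

A verdict of `allowed: false` for the IdP's login response means the fix is on the IdP side, such as the Okta setting mentioned above, not in Looker or the embedding page.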

This content is subject to limited support.                

Comments
LucianaPadua
Participant II

Hi, since the last update we are having troubles with iFrame in Confluence and Looker.

The Confluence Pages load with the right embedded looks and after some minutes they turn into the screen below. Do you know why this could be the case? We use Google Workspace SAML integration for both Confluence and Looker.

Thanks

Version history
Last update: 06-14-2021 05:46 PM