
There is a web application that has SSO for Salesforce; this is implemented using Keycloak OIDC.

The web application has a login page which has a Sign-in with Salesforce option.

This web application URL is framed in Salesforce. The iframe is not blocked and the login page is displayed without any issues. But when Login with Salesforce is clicked, it redirects to the Salesforce login page. This is where it throws an error that it refused to connect to *.my.salesforce.com.

Note:

  1. This only happens when a user tries to log in using SSO from the iframe.
  2. This only happens when the user tries to log in for the first time; after that, even iframe SSO login works.

Tried Salesforce settings like:

  1. Trusted CSP
  2. Session Settings -> trusted domain and clickjacking.

Sujith Kumar

1 Answer


Login pages typically shouldn't be framed for security reasons. If the login page restricts framing by X-Frame-Options or the Content Security Policy frame-ancestors directive, there is nothing you can set on your end to make it work. The only options would be to have your site allowlisted by the Salesforce login page for framing (if they support this) or to route requests through a proxy that removes the framing (absolutely not recommended).

Halvor Sakshaug
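Whether a framed page loads or is "refused to connect" depends only on the headers of the response being framed, which is why the app's own login page renders but the redirect to the Salesforce login page does not. The following is an added example (not code from the question or the answer) that evaluates a response's Content-Security-Policy frame-ancestors and X-Frame-Options headers against a framing origin; the header values and origins used are constructed.

```python
"""Decide whether a response may be framed by a given origin.

Added example: applies the CSP frame-ancestors source rules and the
legacy X-Frame-Options header the way browsers do when deciding whether
to render a page inside an iframe. Ports are ignored for brevity.
"""
from urllib.parse import urlsplit


def _scheme_host(origin):
    u = urlsplit(origin)
    return u.scheme.lower(), (u.hostname or "").lower()


def _source_matches(source, frame_origin, page_origin):
    """Match one frame-ancestors source expression against the framing origin."""
    source = source.lower()
    if source == "'none'":
        return False
    if source == "*":
        return True
    if source == "'self'":
        return _scheme_host(frame_origin) == _scheme_host(page_origin)
    scheme, host = _scheme_host(frame_origin)
    if source.endswith(":"):                      # scheme-only source, e.g. "https:"
        return scheme == source[:-1]
    src_scheme, src_host = _scheme_host(source if "://" in source else f"{scheme}://{source}")
    if src_scheme != scheme:
        return False
    if src_host.startswith("*."):                 # wildcard covers subdomains only
        return host.endswith(src_host[1:])
    return host == src_host


def framing_allowed(headers, frame_origin, page_origin):
    """True if a page served with `headers` may be framed from `frame_origin`.

    A frame-ancestors directive, when present, overrides X-Frame-Options.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    for directive in lower.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return any(_source_matches(s, frame_origin, page_origin) for s in parts[1:])
    xfo = lower.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return False
    if xfo == "sameorigin":
        return _scheme_host(frame_origin) == _scheme_host(page_origin)
    return True                                   # no framing restriction sent


# Constructed headers modelled on a login page that forbids cross-origin framing.
LOGIN_HEADERS = {"Content-Security-Policy": "frame-ancestors 'self' https://*.force.com"}
```

Run it against the headers captured from the blocked redirect (the browser's network panel shows them) to see which directive is refusing the frame; a page without any of these headers is the case where the iframe would render.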