Hello, in the PC4SF embedded client, in SF lighting when clicking the SSO icon (I have tested Ping and Microsoft ADFS), the inner frame of the embedded client is redirected to a blank page. When checking the Chrome console logs I can see the following error:

When using Ping Identity:
Refused to display 'https://[SSO target URL, etc...]' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://...my.salesforce.com ".

When using Microsoft ADFS:
Refused to display 'https://[SSO target URL, etc...]' in a frame because it set 'X-Frame-Options' to 'deny'.

I have tried several tips from SF forums changing some Session settings, white-listing the target URL in CSP Trusted Sites but nothing has worked so far.

The workaround is to click the SSO icon in the full PureCloud interface and then switch to the SF interface so the user will have already logged in its embedded PC4SF client.

Has anyone faced this issue and found solution?

Thank you!
#Integrations

------------------------------
Henry Zambrano
Powernet Global Telecommunications
------------------------------

What doe you have as the login/ACS URL?  I am in US-East so I have https://login.mypurecloud.com/saml.  Also, be sure to do the follow the certificate part on https://help.mypurecloud.com/articles/add-salesforce-as-a-single-sign-on-provider/.

------------------------------
Robert Wakefield-Carl
Avtex Solutions, LLC
Contact Center Innovation Architect
robertwc@avtex.com
https://www.Avtex.com
https://RobertWC.Blogspot.com
------------------------------

Original Message:
Sent: 01-11-2020 17:04
From: Henry Zambrano
Subject: PureCloud for Salesforce SSO not working when using SF Lighting: redirects to a blank page

Hello, in the PC4SF embedded client, in SF lighting when clicking the SSO icon (I have tested Ping and Microsoft ADFS), the inner frame of the embedded client is redirected to a blank page. When checking the Chrome console logs I can see the following error:

When using Ping Identity:
Refused to display 'https://[SSO target URL, etc...]' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://...my.salesforce.com ".

When using Microsoft ADFS:
Refused to display 'https://[SSO target URL, etc...]' in a frame because it set 'X-Frame-Options' to 'deny'.

I have tried several tips from SF forums changing some Session settings, white-listing the target URL in CSP Trusted Sites but nothing has worked so far.

The workaround is to click the SSO icon in the full PureCloud interface and then switch to the SF interface so the user will have already logged in its embedded PC4SF client.

Has anyone faced this issue and found solution?

Thank you!
#Integrations

------------------------------
Henry Zambrano
Powernet Global Telecommunications
------------------------------

Thank you Robert, probably I didn't explained myself very well, the SSO is working with no problem, I mean the configuration is OK.
When I click on the SSO icon in the PureCloud login page in the full interface I'm redirected to the SSO page (Ping, MS, etc) where I can enter my credentials and after that I'm redirected back to PureCloud to the home page with no problem.
But when I try to do the SSO process in the embedded PureCloud phone client in Salesforce the redirect does not work, it looks like SF prevents from redirecting when doing it from an inner frame (where the PureCloud phone client is embedded).

Thanks,
Henry

------------------------------
Henry Zambrano
Powernet Global Telecommunications
------------------------------

Original Message:
Sent: 01-13-2020 09:38
From: Robert Wakefield-Carl
Subject: PureCloud for Salesforce SSO not working when using SF Lighting: redirects to a blank page

What doe you have as the login/ACS URL?  I am in US-East so I have https://login.mypurecloud.com/saml.  Also, be sure to do the follow the certificate part on https://help.mypurecloud.com/articles/add-salesforce-as-a-single-sign-on-provider/.

------------------------------
Robert Wakefield-Carl
Avtex Solutions, LLC
Contact Center Innovation Architect
robertwc@avtex.com
https://www.Avtex.com
https://RobertWC.Blogspot.com

Original Message:
Sent: 01-11-2020 17:04
From: Henry Zambrano
Subject: PureCloud for Salesforce SSO not working when using SF Lighting: redirects to a blank page

Hello, in the PC4SF embedded client, in SF lighting when clicking the SSO icon (I have tested Ping and Microsoft ADFS), the inner frame of the embedded client is redirected to a blank page. When checking the Chrome console logs I can see the following error:

When using Ping Identity:
Refused to display 'https://[SSO target URL, etc...]' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://...my.salesforce.com ".

When using Microsoft ADFS:
Refused to display 'https://[SSO target URL, etc...]' in a frame because it set 'X-Frame-Options' to 'deny'.

I have tried several tips from SF forums changing some Session settings, white-listing the target URL in CSP Trusted Sites but nothing has worked so far.

The workaround is to click the SSO icon in the full PureCloud interface and then switch to the SF interface so the user will have already logged in its embedded PC4SF client.

Has anyone faced this issue and found solution?

Thank you!
#Integrations

------------------------------
Henry Zambrano
Powernet Global Telecommunications
------------------------------

You need to use the dedicated login window, because the SSO provider does not allow their login window to be embedded inside an iFrame (pretty common use of the xframe directive to prevent "click jacking").  Additionally, you can configure the login process to automatically redirect you straight to the SSO login screen by using the "Auto-Redirect to SSO" feature in your configuration; you'll need the org shortname from the organization settings in the PureCloud admin UI.  

See here for more info: https://help.mypurecloud.com/articles/configure-call-center-settings/

------------------------------
Richard Schott
Genesys - Employees
------------------------------

Original Message:
Sent: 01-11-2020 17:04
From: Henry Zambrano
Subject: PureCloud for Salesforce SSO not working when using SF Lighting: redirects to a blank page

Hello, in the PC4SF embedded client, in SF lighting when clicking the SSO icon (I have tested Ping and Microsoft ADFS), the inner frame of the embedded client is redirected to a blank page. When checking the Chrome console logs I can see the following error:

When using Ping Identity:
Refused to display 'https://[SSO target URL, etc...]' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://...my.salesforce.com ".

When using Microsoft ADFS:
Refused to display 'https://[SSO target URL, etc...]' in a frame because it set 'X-Frame-Options' to 'deny'.

I have tried several tips from SF forums changing some Session settings, white-listing the target URL in CSP Trusted Sites but nothing has worked so far.

The workaround is to click the SSO icon in the full PureCloud interface and then switch to the SF interface so the user will have already logged in its embedded PC4SF client.

Has anyone faced this issue and found solution?

Thank you!
#Integrations

------------------------------
Henry Zambrano
Powernet Global Telecommunications
------------------------------

Thank you Richard, precisely I figured it out this morning. That's what I suggested to the customer: to enable dedicated login window.

Regards,

------------------------------
Henry Zambrano
Powernet Global Telecommunications
------------------------------

Original Message:
Sent: 01-15-2020 16:18
From: Richard Schott
Subject: PureCloud for Salesforce SSO not working when using SF Lighting: redirects to a blank page

You need to use the dedicated login window, because the SSO provider does not allow their login window to be embedded inside an iFrame (pretty common use of the xframe directive to prevent "click jacking").  Additionally, you can configure the login process to automatically redirect you straight to the SSO login screen by using the "Auto-Redirect to SSO" feature in your configuration; you'll need the org shortname from the organization settings in the PureCloud admin UI.  

See here for more info: https://help.mypurecloud.com/articles/configure-call-center-settings/

------------------------------
Richard Schott
Genesys - Employees

Original Message:
Sent: 01-11-2020 17:04
From: Henry Zambrano
Subject: PureCloud for Salesforce SSO not working when using SF Lighting: redirects to a blank page

Hello, in the PC4SF embedded client, in SF lighting when clicking the SSO icon (I have tested Ping and Microsoft ADFS), the inner frame of the embedded client is redirected to a blank page. When checking the Chrome console logs I can see the following error:

When using Ping Identity:
Refused to display 'https://[SSO target URL, etc...]' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://...my.salesforce.com ".

When using Microsoft ADFS:
Refused to display 'https://[SSO target URL, etc...]' in a frame because it set 'X-Frame-Options' to 'deny'.

I have tried several tips from SF forums changing some Session settings, white-listing the target URL in CSP Trusted Sites but nothing has worked so far.

The workaround is to click the SSO icon in the full PureCloud interface and then switch to the SF interface so the user will have already logged in its embedded PC4SF client.

Has anyone faced this issue and found solution?

Thank you!
#Integrations

------------------------------
Henry Zambrano
Powernet Global Telecommunications
------------------------------