We use ADFS security in our web application, so when we try to get a frame from our domain from another application (for cross-domain messaging), we are redirected to ADFS first, then back to our domain with Set-Cookie headers in the response, and then back to the target frame, assuming that the security cookies are already set. But they are not: the request does not contain cookies, so we are not secured again and are redirected to ADFS. It is an infinite loop. It can be fixed by setting Internet Options -> Privacy -> Advanced -> Override automatic cookie handling and Always allow session cookies, but our clients may not be allowed to change IE settings. Is there any other way to solve this?