Login to a third party SAML app that's in an iFrame

[Eric Goodman]

I'm absolutely certain that there has been discussion on this topic in the past, but Google or my Google skills are failing me (my searches only return a 2008 thread apparently from before the problem was well understood).


We have a page that is protected by a SAML SP. This page acts conceptually like a portal, but it's actually just displaying data from a third party application via an iFrame. That third party application is itself protected by a (different) SAML SP.

So my question is: How should one authenticate the SAML SP protected application that's hosted in the iFrame? The design goal is to keep the content of that application within the iFrame (securely).

I can think of several approaches to try, but again, I know that this has been discussed here and that there is an existing store of thought and knowledge on the topic that I'm just not seeing. I am happy to accept links from better Googlers than myself rather than detailed responses! 

Thanks,

--- Eric