Authenticate In Iframe

[Michael Schut]

Currently our setup involves a 3rd party that is trying to connect to our page via iframe. 

We use SimpleSAML as an SP. I saw someone mentioned opening a popup window for the login then closing it and reloading the iframe. When I have tried that, it continues to deny because of x-origin is cross domain.

We are using:

$auth->requireAuth();

Is there a way to confirm if the user is authenticated without needing to pass through the:

SimpleSAML/templates/includes/header.php?

(this uses X-Frame-Options: SAMEORIGIN)

[pat...@cirrusidentity.com]

See `isAuthenticated` method https://simplesamlphp.org/docs/stable/simplesamlphp-sp-api#section_2

- Patrick