Menu
OK so what i need to do is be able to put a login screen from a remote site in an iframe and when they click the login button it logs them in to the remote site then changes the local page to page 2 here is what i have managed to do so far which is very little. and if this isn't possible would i be able to create a local login that passed the information to the remote site and gets a cookie then loads the next local page?
<html>
<head>
<title>
</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" >
<style type="text/css">
#outerdiv
{
width:400px;
height:360px;
overflow:hidden;
position:relative;
}
#inneriframe
{
position:absolute;
top:-125px;
left:-802px;
width:2000px;
height:2000px;
}
</style>
</head>
<body>
<div id='outerdiv'>
<iframe src="http://www.99designs.com/login" name="myiframe" id='inneriframe' scrolling=yes></iframe>
</div>
</body>
</html>
919
To allow Remedy Single Sign-On to launch applications in iframes and in nested iframes, you must configure Remedy SSO server to allow launching applications from other domains.
An iframe, short for inline frame, is an HTML element that contains another HTML document within it. The iframe element is specified with the iframe tag. It may be placed anywhere in an HTML document, and thus anywhere on a web page.
This very likely wont be possible, due to the fact that the hosts between your local and the remote will be different, so JavaScript wont allow you access to the iframe content due the the Same origin policy that all browsers employ.
http://en.wikipedia.org/wiki/Same_origin_policy
The only way you might be able to achieve this is if the other site doesn't employ XSS protection and allows you to directly get/post a login URL to their site. It really depends on who controls what... if you own and control both the local and the remote site then it will be possible. If not, it's unlikely and will be subject to all sorts of possible problems (i.e. if the remote site changes the way it's log-in works you system will break, or getting fine grain control of the log-in log-out process wont be possible, so you wont be able to implement your own error handling).
I guess what I'm saying is you shouldn't rely on an XSS vulnerability.
If you think about it, if the above wasn't true then there would be a lot of very powerful and scary things evil people could do in the background whilst you were surfing a site. For example, if you could use JavaScript to communicate across hosts into a hidden iframe there would be nothing to stop someone coding a hidden script that navigated to facebook, relied on your browser stored username and password, logged in, and then started posting / deleting / befriending away... (and that is only a mild example that doesn't involve credit card details or government websites)
Your best bet for implementing something along these lines is to employ a server-side scripting language like php, asp, java, node.js, ruby, lisp, perl or python. Scripting languages don't tend to have limitations with regard to working with external resources. Again, as long as the external site supports a simple or open source log-in system, you should be able to rig something together than allowed your JavaScript to log-in using your server-side script as a proxy via AJAX. For example, you can use cURL via PHP to post to an external site and retrieve the cookies that site returns. This is not an easy project however and will take quite a bit of work to get functioning without problems.
161
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
