Hi experts,

I would like to understand what happens when a session timeout happens when a service call is made.

For example, I am idle in the Fiori launchpad for long time, and the session has timed out, and now I click on one of the tiles. This is what I see in my system.

-> A request is made to an OData service and it returns a 403 forbidden error

-> Immediately another call is made with the same URL but with URL parameter xhr-logon=iframe.

     This returns a "302 moved temporarily" and provides the login page's URL in response header 'location'.

-> The login page's URL received in above step is opened in a pop-up as an iframe. (Background is still Fiori Launchpad).

I actually get an empty pop-up because my login provider (URL) comes with a response header X-Frame-Options=sameorigin

Any idea on how to solve this issue? Any ideas welcome.

Copying Fiori and Gateway forums.

Regards

Krishna