Skip to Content
avatar image
Former Member

Portal 7.5 Fiori iView and cross domain issue

Hi

We are on SAP Portal 7.5 SP4. Our SAP Gateway runs the fiori applications. We have integrated the Fiori applications in SAP Portal via Fiori iViews. Both Gateway and SAP Portal are accessed via the same hostname https://portal.dev.sap.sys.com.au.

The Fiori iViews are opened in Standards Mode in a new window and I have no issues with rendering (although I see an "Access is Denied" on the fiorilaunchpad.html at Line 1 <!DOCTYPE html> as soon as I access any application - only on IE11).

When I run the integrated Fiori application, I notice that the parent (portal) frame's document.domain is dev.sap.sys.com.au (due to domain relaxation parameter that is set to '1' in the SAP Portal), but the embedded Fiori application's document.domain is portal.dev.sap.sys.com.au (as there is no domain relaxation). Since the two domain names are different, I believe it prevents a custom java script to run (the script tries to set a custom window title each time the user navigates between fiori application within the same iframe) and I see a "Permission Denied" error.

Is there a way to overcome this and ensure both parent and child frames run out of the same domain?

And also, why do I see the "Access is Denied" on the fiorilaunchpad.html at Line 1 <!DOCTYPE html> on IE11?

Thanks

Manoj

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Jan 21, 2017 at 12:01 PM

    Hi Manoj

    Can you refer to the below Note and check the Solution section of it

    632440 - Domain barrier in the browser of the SAP Enterprise Portal

    Regards

    Santarshi Samanta

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 21, 2017 at 12:58 PM

    Hi Manoj

    Did you configure SSO between portals and FIORI?
    Also check the note Https: //launchpad.support.sap.com/#/notes/0002159924

    Regards

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 26, 2017 at 02:03 PM

    Hi Manoj,

    Gateway Fiori uses Clickjacking protection which will block application working under iframe (which iview is using). You'll need to setup Clickjacking whitelist as per Note: 1872800 even with domain relaxing.

    Best regards,

    Nick

    Add comment
    10|10000 characters needed characters exceeded