I would like to set our user's Microsoft Outlook Home Page to point to our intranet news page(hosted on Sharepoint).
I finally managed to suppress some JS errors I was getting when trying this (See this question).
However, when users access this homepage through outlook, they are asked to provide their Sharepoint credentials. They are then not required to do so for the next 24 hours. The next morning, they will be asked to provide credentials again.
Is anyone aware of a way around this, perhaps by embedding a script into the page or by setting some specific page permissions? Usually, the user can access the site without having to log in if they navigate via IE, so why does this not carry over to the Outlook web browser?
Any help or guidance is much appreciated.
Many thanks
Have you push down the GPO Settings for IE Settings - Trusted Intranet Zone?
Another way is to turn on Anonymous Access to your portal. See link
to solve this problem I changed my approach completely.
Instead of linking to the web page directly in Outlook I created scheduled task which queries the SharePoint server for the news article data, and then builds an HTML page with the 10 latest articles.
This task runs hourly and the HTML file is linked to on each user's Outlook homepage.
If anyone would like to see the code I use to achieve this please efelf ree to message me.
Related
I assume it has something to do with this:
For me Google one Tap stopped working on all my sites that previously worked. I added API HTTP refer to restriction in console.developer.com, but I still get a warning message "The client origin is not permitted to use this API." any thoughts? If you go to the page https://www.wego.com/ you can see that Google one tap still works...
https://news.ycombinator.com/item?id=17044518#17045809
but Google YOLO stop working for everyone. I use it like many people for login and it just stop work.
My domain are obviously added on console.developers.google.com
Any ETA for fix this? Some information would be great for people who rely on it.
Google YOLO is not disabled. It is open to a small list of Google Partners.
The reason you were able to access it earlier was because it was open for a short period of time but the whitelist is now readded/enabled.
Reference:
https://twitter.com/sirdarckcat/status/994867137704587264
Google YOLO was put on whitelist after a client-side exploit became clear to google.
People could cover the login button of the prompt with something like a cookie consent (which we all know people automatically accept).
Therefor people could easily steal their gmail or other details due to this google decided to put it on whitelist and review the sites that are using this technology in order to ensure that they are using it as they should.
Google retroactively labeled One-Tap as a "closed beta".
https://developers.google.com/identity/one-tap/web
The beta test program for this API is currently closed. We are improving the API's cross-browser functionality and will provide updates here in the coming months.
The link for the entire project is currently 404, but the beta statement is visible on the wayback machine.
Has anyone successfully integrated Peoplesoft screens or navigation via an iFrame in a third party app like Liferay or uPortal?
We are trying to integrate Liferay Portal as a web front end and consume some of the PeopleSoft screens in an iFrame portlet. Both the Liferay Portal and Peoplsoft systems are on different top level domains. We are using Oracle Single Sign On on bot the applications. We have a couple of issues with this.
The screens display in the iFrame - however, the JavaScript on the PeopleSoft does not execute and keeps spinning. In Chrome devtools console, there is the following error:
Uncaught TypeError: Cannot read property 'getStoredData' of undefinedPT_PAGESCRIPT_win0_MIN_1.jsp
If not already signed in to the PeopleSoft system via SSO - the Login page pops out of the iFrame on IE browsers. To clarify based on comments below, the SSO happens for the first app like Liferay, however the user didnot try to go the second app PeopleSoft yet. So the SSO cookies for the second app (PeopleSoft) are not yet in the session. So when we access the page with the iFrame containing the Peoplesoft page, it pops out of the frame in IE trying to establish SSO session and cookies with PeopleSoft.
Has anyone been able to solve any of these issues?
Any insight would be much appreciated. I can provide more details if needed.
Thanks!
Edited for clarification based on comments below.
We have been able to resolve the above 2 issues.
First, we created a new instance of the portal in the same parent domain as the PeopleSoft domain and ensured both were using SSL so the protocol matched. This resolved the cross domain JS errors
Second, we changed our Oracle IdM SSO login flow to always redirect to a new PeopleSoft PIA which redirects back to Liferay's original URL. This ensures there is a valid PeopleSoft session and prevents iFrame popouts along with other integration issues. There is a lot of changes and work done by our team on this around related use cases(deep links, session timeouts) and flows. I'd be happy to post more details if anyone is proceeding down the same path.
Thanks for all the comments which helped us dig in the right direction. We also got feedback from other Liferay and PeoplesSoft customers who followed similar approaches.
I am using a Javascript widget (specifically Accuweather) on my aspx page and it detects it as a call to another domain.
The Javascript widget is present on most of the site as it is in the master page.
It is showing me the error "This page is accessing information not under its control" and can get annoying for some users.
This happens on the Intranet Zone of our site.
I know one way to solve it is by changing the "Access data sources across domains" to Enable instead of Prompt. However, we have other sites that we don't want to be affected by the change. Changing the Intranet Zone affects all of the Intranet Sites.
Another possible way is, instead of being in the Intranet Zone, transfer it to Trusted Sites (which is configured properly already). However, our setup is to automatically detect the Intranet Zone. How can we do this?
Can anyone help?
Thank you!
So I have next issue. My app export some images to Path(some social network, as I think), and I use Amazon appstore for sharing my app. But the authentication page of Path, which I fetch in webview has a link to Apple Store and Google Play Market, that's very bad, because of amazon policy disallows such links and I can't publish my app. Here is example of such authentication page - https://partner.path.com/oauth2/authenticate?response_type=code&client_id=1b81bf92642176a90222d90c5ca5c2c6937f4dd7.
First of all, I tried to find some way to edit downloaded page - use javascript to get code of page, delete a link and fetch it back to webview. But after such manipulations webview stop to respond on clicks and I can't log in. I done smth like in this post - Is it possible to get the HTML code from WebView.
So I ask your help guys in next issue - I need working variant of authentication page of Path without any links to any markets.
everybody! It's not possible to edit the page in way it will working correctly after it. So I was forced to delete this function from my app.
Also I have written an email to Path team - they just answered that they don't going to change their authentication page in near future.
This might be a silly question which I'll delete if I realise, so if you are reading this then I didn't yet figure it out.
I have some software which is online (addressable) and available but it's a bit of a secret, so instead of just hitting my software when you come to my domain, you are shown a blog that I wrote and hidden within that blog is a link ;)
All well and good.
Now the problem is that users of my software always post screenshots which gives my 1/2 secret URL away. EEEEK yep! So I wanted to have the url be just the plain old normal domain, so as not to make things too easy for them hacky types :p
I have full control over everything here. Clientside / Server / Everything. Initially you hit some jsp and then the GWT app (inside of Tomcat) - you have to provide login details in the GWT app. So I have plenty of places to do this URL hiding / faking but any ideas to help would be great.
...and yes I'm posting this (perhaps isn't too dumb)!
Many thanks in advance.
You can use the javascript history.pushState() here
history.pushState({},"Some title here","/")
For example, on http://yourwebsite.com/secretlink.html, after the JS runs, the URL bar will show http://yourwebsite.com/ without having refreshed the page1. Note that if the user refreshes the page they will be taken to http://yourwebsite.com/ and not back to the secret link.
You can also do something like history.pushState({},"Some title here","/hidden.jsp"), so that if the user refreshes the page you can show them an error page that tells them to find the secret link and open it again.
1. If you pushState() some other domain than your own, a refresh will happen so this cannot be abused to phish sites
Include the inner page as an iFrame