I am trying to figure out a correct yet simple way to solve the following problem. We have a web application that is exposed on the web where authorized people can operate. These people needs to work on this web application and on a cloud hosted tool to perform similar actions. As matter of fact, we want the people to have a similar interface (with almost all the elements from the first application) inside the cloud hosted tool. We cannot deploy a new instance of the first application on the cloud hosted tool but we can insert a Web view with an iframe recalling the first application.
The scenario, ideally, will then be:
cloud.domain.com > [iframe]:a.my-domain.com
What is not clear to me are the following:
- Being a.my-domain.com under SSO and being the people connected to a corporate network (where a.my-domain.com resides), will cookies and SSO still work inside the iframe (i.e. not requiring the user to authenticate two times on the application)?
- Is there a clean way to manipulate the application inside the iframe without having to modify the source code (i.e. just changin the visibility of some elements)?
For point 2. I found out that this won't be possible if the caller application is on a different domain of the called one, but it is not clear if with jQuery or postMessage this can be done (with postMessage I understood we need to modify the called application).
Does anybody know if the explained solution will work for the initial requirement?