Issue:
Getting a 404 error when Module redirects to perform an SSO login.

Resolution:
This 404 error is caused by the X-Frame-Options present in the AgentWeb disallowing the address the SSO is initiated from. In order to resolve this issue, add the URL of the SSO redirect to CUSTOM_CFG_BUI_IFRAME_DOMAIN_LIST.

We also suggest adding the URL of the site this module is set up to display as well, since this is needed in order to properly redirect the SSO login.

If you plan to use modules with SSO enabled; keep it secure and avoid clickjacking by following these guidelines:

1. Agents will need to run at or above the Browser Support requirements.
   Failure to do so will cause issues once you proceed to steps 2 & 3.
2. Create a custom configuration setting: CUSTOM_CFG_BUI_IFRAME_DOMAIN_LIST
   1. Access Configuration Settings and click New, choosing type of Text.
   2. Name the setting by appending BUI_IFRAME_DOMAIN_LIST to the existing CUSTOM_CFG_ value. Failure to use the correct name will mean this protection is invalid.
   3. Set the following values for this setting and then Save your changes.
      1. Type: Site (or Interface, as preferred)
      2. Required: No
      3. Folder: Custom
      4. Default: leave blank
      5. Maximum Length: as desired for domain listing
      6. Pattern: leave blank
      7. (Suggested) Description: Use this configuration setting to set allowable domains within which the Agent Browser UI can be embedded.
   4. Ensure you enter applicable domain values that you want to safelist in this configuration setting and save those changes. (ie. oracle.com, etc.) When entering more than one domain, separate with a comma (ie. oracle.com, custhelp.com, etc.).
      1. This should be done like so for domains with a subdomain *.custhelp.com/ as HTTPS will be added automatically to the URL.
   5. (For SSO enable sites), set SSO_SAME_SITE_ATTR = None, this allows SSO to be used inside the iframe when logging in to external sites.
      1. SSO_SAME_SITE_ATTR
         An optional, site-level parameter that controls whether or not Single Sign-On (SSO) is to be supported in embedded frames within the Browser UI. Specify "None" if and only if SSO access is to be honored while accessing embedded frames. Leave as blank if your site either doesn't use SSO or if you don't want it extended to embedded frames. Default is blank.
   6. NOTE: If your site uses Authoring (Knowledge Advance), right click in Authoring in BUI, find console and look for the line matching sitename-im.custhelp.com.  This can also be found in the network tab when BUI loads authoring in a tab.
3. Make sure to set your Browser cookies to Allow All Cookies
4. Add the Module to your Workspace, now see that it loads as expected.