Skip Navigation
Expand
Browser Agent UI (BUI) KA Authoring fails to load with 500 error
Answer ID 11991   |   Last Review Date 11/15/2021

Browser Agent UI (BUI) Authoring fails to load with 500 error

Environment:
Browser User Interface (BUI), user agent
 
Issue:
Getting a 404 error when Authoring redirects to perform an SSO login.
 
Resolution:
This 404 error is caused by the X-Frame-Options present in the AgentWeb disallowing the address the SSO is initiated from. In order to resolve this issue, add the URL of the SSO redirect to CUSTOM_CFG_BUI_IFRAME_DOMAIN_LIST.
We also suggest adding the URL of the site this module is set up to display as well, since this is needed in order to properly redirect the SSO login.
If you plan to use modules with SSO enabled; keep it secure and avoid clickjacking by following these guidelines:
  1. Agents will need to run at or above the Browser Support requirements.
    Failure to do so will cause issues once you proceed to steps 2 & 3.
  2. Create a custom configuration setting: CUSTOM_CFG_BUI_IFRAME_DOMAIN_LIST
    1. Access Configuration Settings and click New, choosing type of Text.
    2. Name the setting by appending BUI_IFRAME_DOMAIN_LIST to the existing CUSTOM_CFG_ value. Failure to use the correct name will mean this protection is invalid.
    3. Set the following values for this setting and then Save your changes.
      1. Type: Site (or Interface, as preferred)
      2. Required: No
      3. Folder: Custom
      4. Default: leave blank
      5. Maximum Length: as desired for domain listing
      6. Pattern: leave blank
      7. (Suggested) Description: Use this configuration setting to set allowable domains within which the Agent Browser UI can be embedded.
    4. Ensure you enter applicable domain values that you want to safelist in this configuration setting and save those changes. (ie. oracle.com, etc.) When entering more than one domain, separate with a comma (ie. oracle.com, custhelp.com, etc.). For authoring, right click in authoring in BUI, find console and look for the line matching sitename-im.custhelp.com.  This can also be found in the network tab when BUI loads authoring in a tab.
    5. (For SSO enable sites), set SSO_SAME_SITE_ATTR = None, this allows SSO to be used inside the iframe when logging in to external sites.
      1. SSO_SAME_SITE_ATTR
        An optional, site-level parameter that controls whether or not Single Sign-On (SSO) is to be supported in embedded frames within the Browser UI. Specify "None" if and only if SSO access is to be honored while accessing embedded frames. Leave as blank if your site either doesn't use SSO or if you don't want it extended to embedded frames. Default is blank.
  3. Make sure to set Allow all cookies in your Browser
  4. Add the Module to your Workspace, now see that it loads as expected.
Path to setting(s):
Select Configuration from the navigation area > Site Configuration > Configuration Settings > and search by Key.
 
Cause:
The browser header X-Frame-Options blocks thirds party cookies by default as of Chrome 80+. This change is from security restrictions added in from Google Chrome's SameSite=Lax Update.  This change also forces cookies to be marked secure.