Skip Navigation
Browser Agent UI (BUI) Intelligent Advisor Interview fails to load with 500 error
Answer ID 11992   |   Last Review Date 11/15/2021

Why does my Interview in Browser Agent UI (BUI) fail to load with a 500 error?

Browser User Interface (BUI), user agent,  Intelligent Advisor
Getting a 404 error when Intelligent Advisor (OPA) Interview redirects to perform an SSO login.
This 404 error is caused by the X-Frame-Options present in the AgentWeb disallowing the address the SSO is initiated from. In order to resolve this issue, add the URL of the SSO redirect to CUSTOM_CFG_BUI_IFRAME_DOMAIN_LIST.
We also suggest adding the URL of the site this module is set up to display as well, since this is needed in order to properly redirect the SSO login.
If you plan to use modules with SSO enabled; keep it secure and avoid clickjacking by following these guidelines:
  1. Agents will need to run at or above the Browser Support requirements.
    Failure to do so will cause issues once you proceed to steps 2 & 3.
  2. Create a custom configuration setting: CUSTOM_CFG_BUI_IFRAME_DOMAIN_LIST
    1. Access Configuration Settings and click New, choosing type of Text.
    2. Name the setting by appending BUI_IFRAME_DOMAIN_LIST to the existing CUSTOM_CFG_ value. Failure to use the correct name will mean this protection is invalid.
    3. Set the following values for this setting and then Save your changes.
      1. Type: Site (or Interface, as preferred)
      2. Required: No
      3. Folder: Custom
      4. Default: leave blank
      5. Maximum Length: as desired for domain listing
      6. Pattern: leave blank
      7. (Suggested) Description: Use this configuration setting to set allowable domains within which the Agent Browser UI can be embedded.
    4. Ensure you enter applicable domain values that you want to safelist in this configuration setting and save those changes. (ie., etc.) When entering more than one domain, separate with a comma (ie.,, etc.). For Interviews, right click in authoring in BUI, find console and look for the line matching  This can also be found in the network tab when BUI loads authoring in a tab.
    5. (For SSO enable sites), set SSO_SAME_SITE_ATTR  = None, this allows SSO to be used inside the iframe when logging in to external sites.
        An optional, site-level parameter that controls whether or not Single Sign-On (SSO) is to be supported in embedded frames within the Browser UI. Specify "None" if and only if SSO access is to be honored while accessing embedded frames. Leave as blank if your site either doesn't use SSO or if you don't want it extended to embedded frames. Default is blank.
  3. Add the Module to your Workspace, now see that it loads as expected.
Path to setting(s):
Select Configuration from the navigation area > Site Configuration > Configuration Settings > and search by Key.
The browser header X-Frame-Options blocks thirds party cookies by default as of Chrome 80+. This change is from security restrictions added in from Google Chrome's SameSite=Lax Update.  This change also forces cookies to be marked secure.