Collapse
Submit a Service Request
Contact Information for Technical Support
My Service Notifications
Live Experience fails to load and is prompting for login credentials
Answer ID 12658 |
Last Review Date 07/11/2023
Why is Live Experience prompting for login credentials and when I enter them, I get an error?
Environment:
Browser User Interface (BUI) and Live Experience (LX)
Issue:
Dev tools shows a 400 error and user is prompted to enter login credentials for Live Experience.
Resolution:
The behavior is occurring due to the X-Frame-Options present in the Browser User Interface (BUI) disallowing the address the SSO is initiated from. In order to resolve this, you will need to add the URL of the SSO redirect to Live Experience to a custom configuration setting, CUSTOM_CFG_BUI_IFRAME_DOMAIN_LIST, and update the SSO_SAME_SITE_ATTR configuration setting.
If you plan to use Live Experience in B2C Service, keep it secure and avoid clickjacking by following these guidelines:
- Agents will need to run at or above the Browser Support requirements.
Failure to do so will cause issues once you proceed to steps 2 & 3. - Create a custom configuration setting: CUSTOM_CFG_BUI_IFRAME_DOMAIN_LIST
- Access Configuration Settings and click New, choosing type of Text.
- Name the setting by appending BUI_IFRAME_DOMAIN_LIST to the existing CUSTOM_CFG_ value. Failure to use the correct name will mean this protection is invalid.
- Set the following values for this setting and then Save your changes.
- Type: Site (or Interface, as preferred)
- Required: No
- Folder: Custom
- Default: leave blank
- Maximum Length: as desired for domain listing
- Pattern: leave blank
- (Suggested) Description: Use this configuration setting to set allowable domains within which the Agent Browser UI can be embedded.
- Ensure you enter applicable domain values that you want to safelist in this configuration setting and save those changes. (ie. oracle.com, etc.) When entering more than one domain, separate with a comma (ie. oracle.com, custhelp.com, etc.). For Live Experience (LX), enter live.oraclecloud.com or emea.live.oraclecloud.com.
- Set the SSO_SAME_SITE_ATTR configuration setting = None. This allows SSO to be used inside the iframe when logging in to external sites.
- SSO_SAME_SITE_ATTR
An optional, site-level parameter that controls whether or not Single Sign-On (SSO) is to be supported in embedded frames within the Browser UI. Specify "None" if and only if SSO access is to be honored while accessing embedded frames. Leave as blank if your site either doesn't use SSO or if you don't want it extended to embedded frames. Default is blank.
- SSO_SAME_SITE_ATTR
- Access Configuration Settings and click New, choosing type of Text.
- Make sure to set Allow all cookies in your Browser
- Allow the Live Experience add-in to the appropriate staff account profiles test with an account assigned to the appropriate profile. You should no longer be prompted to enter credentials when accessing the Live Experience add-in.
Path to setting(s):
Select Configuration from the navigation area > Site Configuration folder > Configuration Settings > and search by Key.
Select Configuration from the navigation area > Site Configuration folder > Configuration Settings > and search by Key.
Cause:
The browser header X-Frame-Options blocks third party cookies by default as of Chrome 80+. This change is from security restrictions added in from Google Chrome's SameSite=Lax Update. This change also forces cookies to be marked secure. Edge browser is also built on Chromium and this applies to Edge as well.
The browser header X-Frame-Options blocks third party cookies by default as of Chrome 80+. This change is from security restrictions added in from Google Chrome's SameSite=Lax Update. This change also forces cookies to be marked secure. Edge browser is also built on Chromium and this applies to Edge as well.
