Cross domain with an Iframe, pointing to SSO server?

So long as there is not client side script being executed from the SSO party you do not need the iframe. The point of using an iframe for security is to prevent AJAX methods from ignoring single origin policy and circumventing SSL encryption. The answer is to remove the iframe.

Request the SSO data from the server side and send it to the client from your server as the page is built.

The SSO server would need to set a cookie or read an existing cookie to ensure that user is not signed in already. I won't be able to read other domain's cookie on my domain so I need ONLY SSO server to directly verify the signed in status of the user. It is imperative that I have SSO server in iframe so that user credentials be submitted directly to it and so that it sets the cookie in response.

Thats is how CAS is working in our case. – Priyank Jan 20 '10 at 3:15.

There are ways around that restriction on the iframe...do search for cross-domain iframe communication...

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.