Duo Web iframe and Office (embedded) browsers

The Microsoft Office “thick” clients (Word, Excel, etc. on MacOS, Windows, iPhone, Android) support enterprise logins to Office 365 with an embedded browser that’s launched when you try to sign-in.

If using the iframe as shown in https://duo.com/docs/duoweb

<iframe id="duo_iframe">

For our custom WebSSO, when the embedded browser attempts to render the html page with the iframe, it fails and the sign-up stops. A Microsoft employee wrote


(which seems to have disappeared from the website very recently, but I have the content appended below.)

In that blog the suggestion was a iframe element like

<iframe id="duo_iframe" src="/images/tiny.gif">

The difference being that a minimal image is initially inserted into the iframe. We found that this does fix the problem and people can sign-in from those browsers (and it still works on traditional ones).

So, I was wondering what the folks at Duo think of this, and if it appears to be reasonable, be officially documented?

(Here’s that blog’s content, including its (one) comment)

Hi Phil,
I discussed this with our engineering team, and please be aware that we do not recommend setting the src on the iframe. It will fix this specific bug but can (and does) break other integrations.

We are actively working on a fix for this and will be releasing a new minor version of the Duo Web SDK that fixes this bug without breaking other integrations. I’ll follow up in this thread when that becomes available.

I look forward to trying out the new version. Also, if you could elaborate on which other integrations the src fix can break, that may be helpful.

We are also having this issues. We protect SharePoint on Prem through ADFS/WAP and documents being opened no longer work. We need this fixed.

Hey @DuoforSchool if you open up a support case we can help you out with this ADFS issue.

1 Like

Will do - Thank you!

Can you let us know an estimate of when this fix will be released.

We have an issue where the embedded browser fails on iframe and loads about:blank
We tried changing our code to append src when it loads the iframe but still doesnt work :frowning: