Configuring Siebel Open UI > Configuring Siebel Open UI to Interact with Other Applications > Displaying Data from Siebel Open UI in External Applications >

Configuring Communications with Siebel Portlets When Hosted Inside iFrame

This topic outlines the Siebel server parameter configurations that are required and optional to enable communication with Siebel portlets when hosted inside an iFrame. These parameters can be modified for the Siebel Component with which the functionality is meant to communicate. The instructions in this topic are not required when cross-domain communications are not needed.

Siebel Open UI can be used in same domain IFrames starting in Siebel Innovation Pack 2013 and supports use across domains starting with Siebel Innovation Pack 2014 release. The following settings support this feature:

• Xframe-options allow-from. Allows Siebel to be hosted inside a portal. The portal application name has to be listed as the Allow-From value.
• PortletOriginList. Gives the list of allowed applications to communicate with Siebel Open UI when it is hosted inside an iFrame.

You can use the X-Frame-Options HTTP header to determine whether or not Siebel Open UI can display a page in a browser in a frame or in an iFrame. This capability is useful to avoid a potential security problem by making sure a hacker cannot embed the content that Siebel Open UI provides into another application. The XFrameOptions parameter is a hidden Siebel Server parameter that you can use to control the value of the X-Frame-Options header. You can set it to one of the following values:

• SAMEORIGIN. Display the page only in a frame that resides in the same location as the page.This is the default value.
• ALLOW-FROM url. Display the page only in a frame that resides in the specified location. If an external application accesses a Siebel URI, then you specify the URI that this external application uses. For example, if the external application uses my_url.com, then you use the following value:
  ALLOW-FROM http://my_url.com/
  If a browser (such as Chrome or Safari) does not support ALLOW-FROM, then the browser ignores it.
• DENY. Do not display the page in a frame or in an iFrame.

Make sure that HTTPS/HTTP transports match for cross-domain sites.

To configure communications with Siebel portlets when hosted inside an iFrame

1. Set up the Siebel server parameters:
   1. Log in to a Siebel client with administrative privileges.
   2. Navigate to the Administration - Server Configuration screen, and then the Servers view.
   3. In the Siebel Servers list, choose a Siebel Server.
   4. Click Parameters.
   5. In the Parameters list, add the following parameters.

      Parameter	Description
      PortletAPIKey	This is a required parameter. It is a unique key configured as a server parameter. The source portal program must pass this key to call the Siebel application exposed as the portlet. The messaging object used to communicate with Siebel Portal will need to contain a parameter msg.Key. The msg.Key must match the key configured in this parameter. If the messaging object does not contain a key, or contains an invalid one, the invocation will result in an error in the Siebel portlet.
      PortletOriginList	This is a required parameter. It defines the list of valid domains from which the Siebel portlet will accept a communication request. A comma separated list can be provided for this parameter. Any invocations coming from domains that are not listed here will cause an error in the Siebel portlet.
      PortletMaxAllowedAttempts	This is an optional parameter. Its default value is 3. This parameter specifies the number of unsuccessful communication attempts with the portlet before Siebel Open UI blocks any subsequent calls. An unsuccessful call can occur in the following situations: A domain attempts to send a communication request to the portlet, but the PortletOriginList does not specify this domain. The portlet_key sent by the communicating domain does not match the parameter specified in the Siebel server. The Siebel portal will remain blocked up to the time extent as defined by PortletBlockedInterval after which Siebel Open UI resets the unsuccessful attempts to zero
      PortletBlockedInterval	This is an optional parameter. Its default value is 900 seconds. This parameter specifies the time in seconds for which Siebel portlet will remain blocked to any communication attempt from the hosting portal or a neighboring portlet after having exceeded the number of unsuccessful communication attempts (as defined by PortletMaxAllowedAttempts). During this time, the Siebel portlet will still be open to access by the user of the application. However, no programmatic access is permitted.

2. Based on your configuration, the portal, or another portlet in the portal, add the following object to your custom code. The SWEView, SWEApplet, and Key arguments are required. All other arguments are optional:

   var msg = new Object();

   msg.SWEView = view_name;

   msg.SWEApplet = applet_name;

   msg.SWECmd =GotoView or GetApplet

   msg.Key = portlet_key;

   where:

   • view_name specifies the view that Siebel Open UI displays in the portlet window. If you specify only the view, then Siebel Open UI displays the view and all the applets that this view contains.
   • applet_name specifies the applet that Siebel Open UI displays in the portlet window. If you specify only the applet, then Siebel Open UI displays only this applet and no view. If you specify the view and applet, then Siebel Open UI displays the applet in the view.
   • GotoView or GetApplet specifies whether or not to display a view or an applet in the portlet window.
   • portlet_key must specify the value that you specify for the PortletAPIKey server parameter in Step <$elemparanumonly. The Siebel client sends this value to the Siebel Server when it calls a Siebel application. You must include the msg.Key argument, and the value of this argument must match the value of the key that the PortletAPIKey server parameter contains on the Siebel Server. If the messaging object does not contain a key, or if it contains a key that does not match the value of the server parameter, then Siebel Open UI displays an error in the Siebel portlet.

     For example, the following code displays the Opportunity List Applet inside the Opportunity List View:

   var msg = new Object();

   msg.SWEView = Opportunity List View;

   msg.SWEApplet = Opportunity List Applet;

   msg.Key = oracle123;

3. Add the following code immediately after the code that you added in Step <$elemparanumonly.

   document.getElementById('siebelframeid').contentWindow.postMessage(msg, '*');

   This code invokes a change in the Siebel Portlet window, so that the requested view or applet will get loaded in the content area.

4. You can use several SWE commands to display a Siebel portlet in Siebel Open UI. For security reasons, you can use only the GotoView and GetApplet method to call a Siebel portlet from an external application. GotoPage and GotoPageTab are not applicable to Siebel Open UI. You can use the commands in the following table within a Siebel portlet. You cannot use them to call a portlet.

   Supported Values	Inside External Siebel Application	Called from UI Element Inside Siebel Portlet Container	Called from Outside Siebel Portlet Container
   CanInvokeMethod	Yes	Yes	No
   ExecuteLogin	Yes. It is not supported for HTTP GET. It is supported through HTTP POST.	Not applicable for this use case.	No. Yes. It is not supported for HTTP GET. It is supported through HTTP POST.
   GotoView	Yes. Use only when invoked from the browser address bar by refresh or history navigation.	Yes	Yes
   GetApplet	Yes	Yes	Yes
   InvokeMethod	Yes	Yes	No For more information, see Allowing Blocked Methods for HTTP GET Access.
   LoadService	Yes	Yes	No
   Login	Yes	Not applicable to Siebel Open UI.	Not applicable (use SSO or similar)
   Logoff	Yes	Not applicable to Siebel Open UI.	No
   ReloadCT	Yes	Yes	No