I am attempting to create a custom MVC .Net site that will embed wiki pages into an iFrame. The site will be used to only view the wiki pages and if users want to edit, will have to go to wiki to do so.
I have found questions like this: Solved: How to embed Confluence pages in other websites (atlassian.com) and the support page: Confluence page does not display in an iframe | Confluence | Atlassian Documentation.
I was able to get to the point where I can see the login page in my iFrame. However, when entering credentials, I cannot log in since it is a different domain and I do not want to disable that security. Our website has its own user authentication, so my goal would be to bypass the wiki login with SSO once they auth on our website. We do have crowd as well and I was trying to set it up to use crowd SSO, but it seems as though I always just get the login page.
I have tried looking at the crowd support documentation (Integrating Crowd with a Custom Application | Crowd Data Center 5.2 | Atlassian Documentation) but it is not helpful, and I seem to be going in circles on how about to do things.
I was able to use the crowd rest apis (Crowd 5.2.3 (atlassian.com)) and was able to use the usermanagement/1/session api to get a Crowd SSO token. I think I found somewhere that I am supposed to put this token into a cookie in order login, but this has not worked for me, and I cannot remember where I saw that. Otherwise, I am not sure what else to do with this token in order to try to bypass the login. Found this on the auth cookie, but this is more for running the apis again which I can already do (Solved: Confluence REST API: Is there anyway to authentica... (atlassian.com))
I do have a backup plan to solely use the wiki apis to get the content and display it. The biggest problem with this is that there is a lot of string manipulation that needs to be done in order for links, images, files, etc. to work correctly. This is a fairly bad practice to edit the html as a lot could go wrong, so I would really prefer to try to do everything with the iframe and links to wiki to avoid this. Would also be a lot easier to support on our side if we do not have a lot of gross string manipulation code.
We recently upgraded to data center hosting type. I know there is an embedder plugin for cloud only, so we cannot use that.
We were also looking at Personal Access tokens, but from what it looks like these are used as another way to auth for apis. Seems like the cookie is also maybe just another way to auth for the apis instead of basic auth. But I want to be able to bypass the login page and just view the wiki page in my iFrame.
A lot of the questions I have found about similar stuff seem to be pretty old and not really helpful for my specific issue. I really just need to basically skip the wiki login page. Is there a way I can use the crowd sso token to do this? I know crowd has SSO 2.0 with the SAML configuration, but the documentation just says "create a client for custom app" and "use rest api" but then just goes in circles with the integration. Is it even possible to bypass the login screen with some sort of SSO or api or anything or am I wasting my time with this solution?
2/28 Update: I have been playing around with the crowd token more. I was able to save the crowd.token_key as a cookie. The only issues is that since I am developing it, my domain is localhost. I have to go into the browser to change the domain to our crowd domain and update path. When I do that I am able to bypass the login for crowd if I open it up on a new tab. It will not login if it is in the iframe. The other issue is that I need to be able to login to wiki and not crowd and if I open up wiki in a new tab, the crowd token key does not log me in. Once the crowd token is setup I can open a wiki page and it will take me to the login page where I see either continue with crowd or login with username and password. If I click continue with crowd it will automatically log in, but I do not want to have to click continue with crowd in the first place. This also does not work within the iFrame. I am pretty sure it is due to Same Site on the cookie defaulting to lax but there is not a way for me to change to to none.