Embed to Website

From QPR ProcessAnalyzer Wiki
Revision as of 20:08, 26 October 2025 by Ollvihe (talk | contribs)
Jump to navigation Jump to search

QPR ProcessAnalyzer can be embedded to another website, such as Microsoft Sharepoint. The embedding is based on the iframe html element. By default, QPR ProcessAnalyzer only allowes to be embedded by a website in the same origin that is restricted by the Content-Security-Policy HTTL header. More information how to change the CSP setting in Security Hardening.

Example webpage

This is a simple example page containing an iframe element that embeds QPR ProcessAnalyzer. 

<!DOCTYPE html>
<html>
  <body>
    <iframe src="https://processanalyzer.company.com/qprpa/ui/#/dashboard?sys:dashboardIdentifier=/MyProject/MyDashboard" height="600" width="900"></iframe>
  </body>
</html>

Change CSP frame-ancestors setting

By default, the Content-Security-Policy HTTL header frame-ancestors directive is set to self', allowing the parent website where QPR ProcessAnalyzer is embedded to, to be located in the same origin. If the parent website is in another origin, the CSP needs to be changed as follows (allowing to embed QPR ProcessAnalyzer in the example.com website): 

frame-ancestors 'self' example.com;

If the CSP prevents the embedded website from showing, there will be a descriptive error message in the browser console. It contains details which CSP directive didn't allow to open the page.

More information about the Content-Security-Policy HTTL header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP.

Using SAML authentication with embedding

When QPR ProcessAnalyzer is embedded to another website and the SAML authentication is in use, the authentication is performed in a separate browser window or tab. This is because some identity providers don't allow the authentication to be performed in as embedded (in an iframe). This this situation, when the SAML authentication initiates, the identity provider page will be opened into a new browser window. While this window is open, the embedded (original) window shows an overlay that tells the user that the authentication is in progress in another browser window. If popups are blocked in the web browser, a descriptive message is shown to the user which asks the user to disable the popup blocking, or to click in the browser frame to open the popup window. Once the identity provider login has been completed successfully, the popup window will be closed and the original browser window will go to QPR ProcessAnalyzer. If the separate browser window is closed prior to completing the login, the original browser window will show normal PA login view open.

Retrieved from "https://wiki.onqpr.com/pa/index.php?title=Embed_to_Website&oldid=27156"