+ Start a Discussion
David DavisDavid Davis 

Canvas app invalid session when using frontdoor authentication


When users log in to Salesforce via frontdoor.jsp (http://docs.releasenotes.salesforce.com/en-us/winter14/release-notes/security_frontdoorjsp.htm), they are unable to access Saleforce Canvas apps. 

The exact error is:

Oops, there was an error rendering Force.com Canvas application [Cavnas_App_Name].
Your browsing session has ended or is invalid. Please re-login to Salesforce.com again.

Everything else within Salesforce appears to be working fine, so we know the session is valid.

We have tried adding all OAuth scopes (including full and web) to the Canvas app, but still get the same error.

Any ideas?
if Lightning Components are enabled in your org then Canvas apps wlill no more work! Check on new feature called Lighting Components; if somebody enabled it!
Tim ChimTim Chim

I am facing exactly the same error as metioned by David.
And I checked my orgranization does not have lightning components enabled.

Is Canvas not expected to work with frontdoor? Or we are missing something?

 did you find a solution to this problem?
Erdos BalintErdos Balint
I had this same problem when using `sfdx force:org:open` with a scratch organization.

Front door login isn't enough for canvas. If you're front door logged in already, then go log out and use the "normal" login form to log in again. "Proper" sessions like that work with canvas without problem.

If you're using sfdx like I do, you need to generate a password for the scratch user with `sfdx force:user:password:generate` to be able to log in without front door.

Also, be careful: if you front door into an account that is already "normal log in" authenticated, the front door login overrides your session and you'll have to log in again to get canvas apps to work again.

I believe this is a (pretty ridiculous) bug in Salesforce authentication.
Jeremy Smith 83Jeremy Smith 83
If this has been broken for 4 years, is it a security feature?  I'm facing the same issue currently and have tried several workarounds.  Providing access to front door isn't of much use if you use canvas apps.
Petr Chvala 4Petr Chvala 4

The fact that Cavas App wont work if `sfdx force:org:open` is used because it will use the frontdoor was anoying but something we could live with. But it turned out this is issue is more serious and its now affecting our clients who has Quip. Whenever user opens tab with Quip, every Canvas will start malfunctioning the same way.    

I will contact SFDC support now and hopefully get some answers. This issue makes entire Canvas unreliable.