+ Start a Discussion
David DavisDavid Davis 

Canvas app invalid session when using frontdoor authentication

Hi,

When users log in to Salesforce via frontdoor.jsp (http://docs.releasenotes.salesforce.com/en-us/winter14/release-notes/security_frontdoorjsp.htm), they are unable to access Saleforce Canvas apps. 

The exact error is:

Oops, there was an error rendering Force.com Canvas application [Cavnas_App_Name].
Your browsing session has ended or is invalid. Please re-login to Salesforce.com again.

Everything else within Salesforce appears to be working fine, so we know the session is valid.

We have tried adding all OAuth scopes (including full and web) to the Canvas app, but still get the same error.

Any ideas?
Sumitkumar_ShingaviSumitkumar_Shingavi
if Lightning Components are enabled in your org then Canvas apps wlill no more work! Check on new feature called Lighting Components; if somebody enabled it!
Tim ChimTim Chim

I am facing exactly the same error as metioned by David.
And I checked my orgranization does not have lightning components enabled.

Is Canvas not expected to work with frontdoor? Or we are missing something?
Thanks.

nikhil.snikhil.s
 did you find a solution to this problem?
Erdos BalintErdos Balint
I had this same problem when using `sfdx force:org:open` with a scratch organization.

Front door login isn't enough for canvas. If you're front door logged in already, then go log out and use the "normal" login form to log in again. "Proper" sessions like that work with canvas without problem.

If you're using sfdx like I do, you need to generate a password for the scratch user with `sfdx force:user:password:generate` to be able to log in without front door.

Also, be careful: if you front door into an account that is already "normal log in" authenticated, the front door login overrides your session and you'll have to log in again to get canvas apps to work again.

I believe this is a (pretty ridiculous) bug in Salesforce authentication.
Jeremy Smith 83Jeremy Smith 83
If this has been broken for 4 years, is it a security feature?  I'm facing the same issue currently and have tried several workarounds.  Providing access to front door isn't of much use if you use canvas apps.