Hey,
We are tring to display in an Iframe a cloud shared DataMiner dashboard internal web site. we are getting the below error.
Is that something that we can conifure \ set to allow it?
The main URL seems to load successfully, but then it redirects to the login page at https://dataminerservices.b2clogin.com/ and the browser refuses to display this page.
The login page has a setting of X-Frame-Options: deny which tells the browser not to load it. This could be removed and substituted with a Content-Security-Policy setting that allowed the 360 domains to load it. But, usually login pages purposely don't allow this kind of thing for security reasons.
Does Dataminer have any kind of embed token, or public embedding method that could be a solution?
Thank you.
Hi Guy,
Why the cloud share can't be iframed: Opening the cloud-share link redirects to DataMiner's login provider, dataminerservices.b2clogin.com (Microsoft Azure AD B2C). That Microsoft-hosted page returns X-Frame-Options: deny, so browsers refuse to render it in a frame. This is deliberate anti-clickjacking protection, and because it's Microsoft's page, it can't be overridden. That's why SES 360 can open the dashboard in a tab but not in an iframe — and there's no public/anonymous embed token to work around it.
The solution — embed from your own DMA, not the cloud share:
- Use the local DMA URL:
https://<DMA-hostname>/dashboard/#/<folder>/<Name>.dmadb?embed=true(from the Dashboards app: ... → Share → enable Embed → Copy link; confirm it uses your DMA hostname, not*.on.dataminer.services). - When the page hosting the iframe is on the same origin as the DMA, the dashboard renders in the iframe with no login prompt, because the browser reuses the existing DMA session.
- When it's on a different origin (as SES 360 would be), the browser blocks the frame or prompts for login. This is standard cross-site behavior, not a DataMiner limitation — and it defines exactly what SES 360 needs.
To make it work in SES 360 (a different origin), two things must be configured:
- Allow SES 360 to frame the DMA.
X-Frame-Optionsonly supportsDENY/SAMEORIGIN, so use CSPframe-ancestorson the DMA's IIS instead:Content-Security-Policy: frame-ancestors 'self' https://<ses360-domain>;. See HTTP headers. - Give the iframe a silent session (the dashboard is always access-controlled, so the cross-origin login prompt must be handled, not removed). This can be achieved in one of two ways:
- SSO (SAML) – point the DMA at the same identity provider SES 360 uses, so signed-in users authenticate silently. As it's cross-site, serve the DMA over HTTPS with the session cookie set to
SameSite=None; Secure. See Configuring external authentication via SAML. - Reverse proxy – serve the DMA under the same domain as SES 360 (e.g.
ses360.example.com/dataminer/...), reproducing the same-origin case: the iframe shares the session and framing restrictions disappear.
- SSO (SAML) – point the DMA at the same identity provider SES 360 uses, so signed-in users authenticate silently. As it's cross-site, serve the DMA over HTTPS with the session cookie set to
In short: the public cloud-share link can't be iframed (unchangeable B2C block), but the dashboard embeds cleanly from your own DMA. The only remaining step for SES 360 is the cross-origin setup: a frame-ancestors header plus either SSO or a reverse proxy.
I hope this helps.
Kind Regards,
Flávio Jacinto