Window.opener null on same domain in IE

Question

I've researched this extensively (there are many similar questions) but I'm not finding the exact answer I'm looking for.

I am creating a single sign-on widget, so the user flow is as follows:

User clicks Login to open window (domain1) > Login flow (domain2) > Landing page (domain1)

Here is the code I'm using on the landing page:

<html>
<head>
    <title>Redirect</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <script type="text/javascript">
    if (window.opener && !window.opener.closed) {
        setTimeout(function(){
            window.opener.location.href = "[some URL]";
            window.close();
        },2000);
    }
    </script>
</head>
<body>
    <p>Logging you in...</p>
</body>
</html>

The purpose of having the landing page at the end is so that I can eliminate cross-domain issues with accessing window.opener.

This works like a charm in all browsers except IE (gasp!). IE says window.opener is null, even though I have returned to my own domain.

Nothing I've read so far really solves this issue. I have to think there must be some way to do this, since so many sites are using FSSO. Unfortunately, it's not an option for us to find an alternative to a popup window.

Is this just impossible to do in IE due to browser-related security? The only other thing I can think of is to put some kind of listener on the parent to wait for the child to close. Ugh.

Answer 1

It seems the issue was related the security zones set on our corporate IE builds. The different domains were relegated to separate zones. Apparently IE loses the value of window.opener when passing through these zones and doesn't bother to reset it. When tested on an outside build of IE it worked.