Skip to main content

Technical Reference

SAML in CYO Integrations

CYO integrations use SAML (Security Assertion Markup Language) to exchange authentication and authorization information between Candescent Digital Banking and the FI-hosted application.

RoleParty
Identity Provider (IdP)Candescent Digital Banking
Service Provider (SP)FI or vendor application

This enables users to access the FI-hosted application within their online or mobile banking session without logging in again. Candescent Digital Banking standardizes on the SAML 2.0 POST Profile. See the diagram below.

SAML SSO Overview

info

Assertion attributes, token formats, and federation gateway requirements are documented in the SAML Integration. This page covers only CYO-specific hosting and presentation concerns.


Header Customization

The CYO widget header consists of a translatable title and an icon.

PropertyDefaultOverride
TitleDerived from the widget name (converted to title case)FI-specific title override
IconGeneric article iconMaterial UI (MUI) icon name in lower snake_case (for example, attach_money)

If title or icon override properties are not exposed at the Global Widgets level, request Tech Support to add them.


Sizing and Responsiveness

CYO applications must be responsive across screen sizes.

Width

LayoutApproximate width
Large screens (2-column layout)Widget stack is ~4/12 of page width (roughly 350px – 465px)
Medium screens (1-column layout)Stack expands up to ~1150px and scales down as the window narrows

Height

The default CYO iframe height is 600px.

Dynamic Resizing

Include the iframeResizer scripts in your CYO HTML <head> so the widget adjusts height based on content — avoiding cut-off content or large white gaps.

<script src="https://resource.digitalinsight.com/leapfrog/lib/iframe-resizer/iframeResizer.contentWindow.min.js"></script>
<script src="https://resource.digitalinsight.com/leapfrog/lib/iframe-resizer/iframeResizer.min.js"></script>

Permissions

Role / permissionMetadata editingSource URL editing
Candescent Admin (manage-global-widgets)
FI Admin (FI_WIDGETS_EDIT)
FI Admin (fi-widgets-read-only)View onlyView only

FI Admins can update widget title and layout but cannot change the CYO source URL. URL changes require Candescent Admin access.


Troubleshooting

White Space Issues

If a CYO widget displays unexpected white space in Online or Mobile Banking:

  1. Verify iframeResizer.contentWindow.min.js and iframeResizer.min.js are implemented in the CYO application.
  2. Request that Candescent Support add the FI's domain to the integrated app domain list if resizing alone does not resolve the issue.

Cross-Origin Iframe Errors

A console error such as:

Uncaught Error: Unexpected message received from: https://[your-domain] for iFrameResizer0.

usually indicates the domain is not allowlisted. Contact Candescent Support to add the affected domain to the com.ncr.banking.usp.appconfig.integratedAppDomains configuration.

PDFs in Mobile Applications

PDF download and viewing behavior depends on the CYO application's configuration:

PlatformBehavior
iOSGenerally handles PDFs seamlessly via the native WebView PDF viewer
AndroidMay require specific configuration within the CYO application; the platform does not control internal download behavior

Next Steps