cross domain - Single Sign On (SSO) using JWT -


i have read several articles sso not find answer in mind. have scenario below:

scenario:

  • my company wants have sso mechanism using jwt.
  • company has 2 different domains abc.com abc , xyz.com xyz.
  • also there masterdomain manages clients authentication.
  • user x wants log in abc @ first.
  • abc sends credentials masterdomain , masterdomain authenticates user create signed jwt in order send abc.
  • abc keeps jwt in cookie.
  • after while if login abc attempted @ same computer, system not ask credentials , automatically login user.

question:

if user tries open page in xyz domain, how system understand user loggedin before? mean xyz domain cannot reach cookie of abc has jwt. information should sent xyz indicates user x trying login?

thanks in advance

you can store jwt authentication token in cookie / localstorage of intermediate domain connected home page using iframe

cross domain sso

scenario

  • abc sends credentials masterdomain , masterdomain authenticates user create signed jwt in order send abc.

  • abc masterdomain keeps jwt in cookie.

  • after while if login abc attempted @ same computer, system not ask credentials , automatically login user.

finally when user enters in second domain xyz, jwt recovered masterdomain storage using iframe, , automatically login user

cors not problem because masterdomain.com have access storage , communication between iframes allowed if origin , destination recognized (see http://blog.teamtreehouse.com/cross-domain-messaging-with-postmessage)

to simplify development, have released opensource project cross domain sso jwt @ https://github.com/aralink/ssojwt


Comments

Post a Comment

Popular posts from this blog

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more