I have read several articles about SSO but could not find an answer in my mind. I have a scenario like below:
Scenario:
Question:
If the user tries to open a page in the xyz domain, how does the system understand that the user logged in before? I mean the xyz domain cannot reach the cookie of abc which has the JWT. What information should be sent to xyz that indicates that user X is trying to log in?
Thanks in advance
SAML is the older format and is based on XML. It's used commonly in protocols like SAML-P, WS-Trust and WS-Federation (although not strictly required). JWT (JSON Web Token) tokens are based on JSON and used in new authentication and authorization protocols like OpenID Connect and OAuth 2.0.
You can store the JWT authentication token in a cookie / localStorage of an intermediate domain connected to the home page using an iframe.
Scenario
abc sends credentials to masterdomain and masterdomain authenticates the user, then creates a signed JWT in order to send it back to abc.
masterdomain keeps this JWT in a cookie. After a while, if a login to abc is attempted on the same computer, the system does not ask for credentials and automatically logs in the user.
Finally, when the user enters the second domain xyz, the JWT is recovered from masterdomain storage using the iframe, and the user is logged in automatically.
CORS is not a problem because masterdomain.com has access to its own storage, and communication between iframes is allowed if origin and destination are recognized (see http://blog.teamtreehouse.com/cross-domain-messaging-with-postmessage).
To simplify development, we have recently released an open-source project for cross-domain SSO with JWT at https://github.com/Aralink/ssojwt
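One way to implement the iframe/postMessage exchange the answer describes, written here as an added example (it is not the answer's own code, nor code from the Aralink/ssojwt project). Both halves are plain handlers that take the message event as an argument so they run outside a browser; the origin names masterdomain.example, abc.example and xyz.example and the message types are assumptions.

```javascript
// Assumed origins (not from the original answer).
const MASTER_ORIGIN = "https://masterdomain.example";
// Applications that may ask the masterdomain iframe for the session token.
const ALLOWED_APP_ORIGINS = new Set(["https://abc.example", "https://xyz.example"]);

// --- Runs inside the iframe served by masterdomain ---
// `storage` stands in for masterdomain's localStorage; `reply(msg, targetOrigin)`
// stands in for event.source.postMessage(msg, targetOrigin).
// Returns true if a token reply was sent, false if the request was refused.
function handleTokenRequest(event, storage, reply) {
  // Refuse requests from any origin that is not a known application:
  // otherwise any page that embeds the iframe could read the token.
  if (!ALLOWED_APP_ORIGINS.has(event.origin)) return false;
  if (!event.data || event.data.type !== "sso:get-token") return false;
  const jwt = storage.getItem("sso_jwt");
  // Pin targetOrigin to the requesting origin, never "*", so the token is
  // delivered only to the window that was allowed to ask for it.
  reply({ type: "sso:token", jwt: jwt || null }, event.origin);
  return true;
}

// --- Runs in the application page (abc or xyz) ---
// Returns the JWT string only if the message really came from masterdomain,
// otherwise null (a framed attacker page could post a forged "token" message).
function acceptToken(event) {
  if (event.origin !== MASTER_ORIGIN) return null;
  if (!event.data || event.data.type !== "sso:token") return null;
  return typeof event.data.jwt === "string" ? event.data.jwt : null;
}

// Browser wiring (not executed here):
//   // in the masterdomain iframe
//   window.addEventListener("message", (e) =>
//     handleTokenRequest(e, localStorage, (m, o) => e.source.postMessage(m, o)));
//   // in the xyz page, after the iframe has loaded
//   iframe.contentWindow.postMessage({ type: "sso:get-token" }, MASTER_ORIGIN);
//   window.addEventListener("message", (e) => {
//     const jwt = acceptToken(e);
//     if (jwt === null) return;              // ignore anything not from masterdomain
//     // send jwt to xyz's backend, which must still verify the signature and expiry
//   });
```

The application's backend still has to verify the JWT signature and expiry itself; the origin checks only control which windows may hand the token around.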