SingleSignOnServiceProviderBundle

Does this accomplish SSO between multiple TLDs?

Open softrare opened this issue 5 years ago • 6 comments

Hi! I am actually a little confused about what this accomplishes. We have multiple systems - all running on Symfony 4, all running on different TLDs - one of which is an identity provider system that is logged into through OAuth2 (FOSOAuthServerBundle). What can this software accomplish for us? Can it do SSO in the sense that if you're logged into one website, you're automatically also logged into another? Sorry for this question, but I was really missing information about this. Thank you in advance!

softrare avatar Apr 17 '20 08:04 softrare

It can handle different TLDs, but not automatically; on the SP you must initiate the authentication process somehow.

korotovsky avatar Apr 17 '20 09:04 korotovsky

Thank you! You mean it must somehow recognize the session id or have another clue about whom to log in, right?

softrare avatar Apr 20 '20 12:04 softrare

The IdP passes a token to the SP, and then the SP makes a trusted server-side request when the user is on the SP to get additional data and validate this token. Then the SP authenticates the user.

korotovsky avatar Apr 20 '20 13:04 korotovsky

Yes, but how does the SP know who that user is if it only ever gets the user information from the IdP? Or does the SP need its own login form in this scenario? Because right now we're referring the user exclusively to the IdP for that.

softrare avatar Apr 20 '20 13:04 softrare

The IdP returns all the data by token: username, roles and so on, in the trusted server-to-server request. The SP does not need a special login form, in theory.

korotovsky avatar Apr 20 '20 13:04 korotovsky
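
The exchange described in the two replies above, sketched as an added example that is not part of the thread and is not the bundle's own code. It assumes an opaque, single-use, short-lived token and a back-channel request authenticated by an HMAC over a shared secret; all class, function and host names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Constructed values: SP identifier, shared secret and TTL are assumptions.
SP_SECRETS = {"shop.example": b"constructed-shared-secret"}
TOKEN_TTL = 60  # seconds

def sign(sp_id, token):
    """HMAC the SP attaches so the IdP can trust the back-channel caller."""
    return hmac.new(SP_SECRETS[sp_id], token.encode(), hashlib.sha256).hexdigest()

class IdP:
    def __init__(self):
        self._tokens = {}  # token -> (sp_id, user data, expiry)

    def issue_token(self, sp_id, user, now=None):
        """Front channel: runs after the user has logged in at the IdP."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # opaque, carries no user data
        self._tokens[token] = (sp_id, user, now + TOKEN_TTL)
        return token  # handed to the SP through the browser redirect

    def redeem(self, sp_id, token, signature, now=None):
        """Back channel: the server-to-server request made by the SP."""
        now = time.time() if now is None else now
        if sp_id not in SP_SECRETS:
            return None
        if not hmac.compare_digest(sign(sp_id, token), signature):
            return None  # caller does not hold this SP's secret
        entry = self._tokens.get(token)
        if entry is None or entry[0] != sp_id:
            return None  # unknown, already used, or issued to another SP
        del self._tokens[token]  # single use
        return entry[1] if now <= entry[2] else None

class SP:
    def __init__(self, sp_id, idp):
        self.sp_id, self.idp, self.sessions = sp_id, idp, {}

    def handle_callback(self, token):
        """Validate the token with the IdP, then create the local session."""
        user = self.idp.redeem(self.sp_id, token, sign(self.sp_id, token))
        if user is None:
            return None  # no session; send the browser back to the IdP
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = user  # username, roles, ... from the IdP
        return session_id
```

Because the token in the redirect URL is only a lookup key, a copy leaked through browser history or a Referer header is useless once the SP has redeemed it or the TTL has passed.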

Thank you for your help!

softrare avatar Apr 20 '20 14:04 softrare