Single Sign-On (SSO) using JWT

I read several articles about SSO, but in my opinion could not find an answer. I have a scenario as shown below:

Scenario:

  • My company wants to use the sso mechanism using jwt.
  • The company has 2 different domains, such as abc.com (abc) and xyz.com (xyz).
  • There is also a masterdomain that manages client authentication.
  • User X wants to log in to abc first.
  • abc sends the credentials to masterdomain; masterdomain then authenticates the user and creates a signed JWT to send back to abc.
  • abc stores this jwt in a cookie.
  • After a while, if an attempt is made to log in to the abc system from the same computer, the system does not request credentials and automatically logs the user in.

Question:

If a user tries to open a page in the xyz domain, how does the system understand that the user has registered before? I mean, the xyz domain cannot get into the abc cookie, which has jwt. What information should xyz send that indicates that user X is trying to log in?

Thanks in advance

+6
1 answer

You can store the JWT authentication token in the cookie / localStorage of an intermediate domain, connected to the home page using an iframe.

cross domain sso

Scenario

  • abc sends the credentials to masterdomain; masterdomain then authenticates the user and creates a signed JWT to send back to abc.

  • abc masterdomain saves this jwt in a cookie.

  • After some time, if an attempt is made to log in to the abc system from the same computer, the system does not request credentials and automatically logs the user in.

Finally, when the user enters the second domain, xyz, the JWT is retrieved from the masterdomain storage using an iframe, and the user is logged in automatically.

CORS is not a problem, because masterdomain.com has access to its own storage, and iframe communication is allowed if the source and destination origins are recognized (see http://blog.teamtreehouse.com/cross-domain-messaging-with-postmessage ).

To simplify development, we recently released an open source cross-domain SSO project with JWT at https://github.com/Aralink/ssojwt

+3
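The answer describes the exchange but not the origin checks that make it safe. The following is an added example, not code from the answer or from the Aralink/ssojwt project, showing both ends of the iframe/postMessage bridge: the masterdomain side only answers token requests from an allowlist of embedding origins and replies with an explicit target origin, and the abc/xyz side only accepts replies whose `origin` is masterdomain. The origins, message type names, storage key and bridge page path are assumptions; the decision logic is kept in plain functions so it can be exercised outside a browser, and the browser wiring below them is one file serving both roles purely for illustration.

```javascript
// Added example (not the answer's or the ssojwt project's code): the iframe +
// postMessage token hand-off with origin checks on both sides. All origins,
// message types, the storage key and the bridge page path are placeholders.
const MASTER_ORIGIN = 'https://masterdomain.example';
const TRUSTED_CHILD_ORIGINS = new Set(['https://abc.example', 'https://xyz.example']);
const TOKEN_KEY = 'sso_jwt';
const REQUEST_TYPE = 'sso:get-token';
const RESPONSE_TYPE = 'sso:token';

// masterdomain side: decide how to answer one incoming message event.
// Returns { reply, targetOrigin } or null when the request must be ignored.
function buildMasterReply(event, storage) {
  // Unknown embedder: drop silently, never reveal whether a session exists.
  if (!TRUSTED_CHILD_ORIGINS.has(event.origin)) return null;
  if (!event.data || event.data.type !== REQUEST_TYPE) return null;
  const token = storage.getItem(TOKEN_KEY);
  // Reply only to the verified origin, never with '*'.
  return { reply: { type: RESPONSE_TYPE, token: token || null }, targetOrigin: event.origin };
}

// abc / xyz side: accept a token only from the master origin, only of the expected shape.
function acceptMasterReply(event) {
  if (event.origin !== MASTER_ORIGIN) return null;
  if (!event.data || event.data.type !== RESPONSE_TYPE) return null;
  return typeof event.data.token === 'string' ? event.data.token : null;
}

// Browser wiring; skipped under Node so the functions above stay testable.
if (typeof window !== 'undefined') {
  if (window.location.origin === MASTER_ORIGIN) {
    // Runs inside the hidden iframe served by masterdomain.
    window.addEventListener('message', (event) => {
      const answer = buildMasterReply(event, window.localStorage);
      if (answer) event.source.postMessage(answer.reply, answer.targetOrigin);
    });
  } else {
    // Runs on abc or xyz: embed the bridge page and ask it for the token.
    const frame = document.createElement('iframe');
    frame.style.display = 'none';
    frame.src = MASTER_ORIGIN + '/sso-bridge.html'; // hypothetical bridge page path
    window.addEventListener('message', (event) => {
      const token = acceptMasterReply(event);
      if (token) {
        // Hand the token to the application's session logic; the application
        // still verifies the signature and expiry before trusting any claim.
        window.dispatchEvent(new CustomEvent('sso-token', { detail: token }));
      }
    });
    frame.addEventListener('load', () => {
      frame.contentWindow.postMessage({ type: REQUEST_TYPE }, MASTER_ORIGIN); // explicit target origin
    });
    document.body.appendChild(frame);
  }
}
```

The two checks mirror each other: masterdomain will not leak the stored token to a page that merely embeds it from an arbitrary origin, and abc or xyz will not accept a token injected by a frame or window that is not masterdomain. Receiving the token this way only proves the browser has a masterdomain session; each domain still validates the JWT itself before creating its own session.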

Source: https://habr.com/ru/post/1012218/
