I set up some test sites for SSO using IdentityServer3, pretty much sample applications for cookie cutters with small turns. They work well, except for one thing: when trying to parse a subscription and/or renew a claim through a cookie, it only works if all applications are on the same machine.
For example, these two applications may log out.
http:
Claims updated in one application using the following also appear in another.
var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
authenticationManager.AuthenticationResponseGrant = new AuthenticationResponseGrant(
    new ClaimsPrincipal(identity),
    new AuthenticationProperties { IsPersistent = false });
It also works if I configure such applications as follows:
http://mymachine/app1 http://mymachine/app2
But if I mix the two
http://localhost:81 http://mymachine/app2
Then it will not work. Tried SignOut / SignIn too, same result. They are still signing up, but cannot go out together. Changing requirements will not appear in another. Of course, if I deploy the application on different servers. It is as if the cookie update occurred on the local computer, and not on IdSvr.
Any hints on what I missed? Thanks.
identityserver3 single-sign-on
Whoever, Sep 01 '16 at 17:35