Implementing shared login for all clients

[mirceaalexandru]

Flow:

• login in one app
• when start another app from same browser/IP then we should try to login automatically - This is not implemented as a feature but I can add it. Anyway we need a way to identify the user based on something.(edited)

Question: Is that OK it will have the same login identifier (auth token set as cookie value) for both sessions or a new login will be created? My answer: a new login will be created based on the existing one.

Question: What will be the discriminator for user in shared login feature? Remote client IP? Other?

Question UI: For shared login it will require a change in UI. When go to login page verify if already logged in in another apps and then:

• automatically login - then it will not be possible for a user to login using different credentials as login page will never be accessible.
• or display a button for automatically login

[mirceaalexandru]

Thoughts:

Solution for setting same cookie (token auth) between multiple applications (different domains):

System has:

• Concorda set with shared login feature
• Two client applications for Concorda: Vidi & Sentinel - as example.

Vidi application authentication:

• user press login in Vidi
• redirect to login in Concorda
• no auth cookie found - proceed to login page.
• login in Concorda and in response set token as cookie for Concorda domain
• redirect to Vidi and set the same cookie there - cookie value must be sent to Vidi and Vidi should set it as cookie

Sentinel application authentication using shared login feature:

• user press login in Sentinel
• forward to Concorda login, proceed to an automatic auth based on Concorda domain cookie, authenticate it and the redirect back to Sentinel, setting same cookie in Sentinel domain. (?)

[mirceaalexandru]

@mcdonnelldean any idea how to implement this in a better way after the meeting?