IdentityServer / IdentityServer3

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana
https://identityserver.github.io/Documentation/
Apache License 2.0

Navigating between web applications on same/different domains #3469

Closed ahokkonen-dev closed 7 years ago

ahokkonen-dev commented 7 years ago

Question

I am pretty sure my question is not directly related to IdentityServer’s features, but I hope you guys can give me some advice on the following issue. In our environment, we have several web applications running on different domains/machines, which use IdentityServer as an authentication authority. Everything is working just fine in terms of authentication and authorization, and with SSO users can get access to all apps.

This is the problem:

The user navigates for the first time to, let’s say, WebApp1 (http://domain1/WebApp1), which requires authentication – the user is automatically redirected to the IdSrv login. The user enters credentials and is then redirected back to WebApp1. Everything is working fine, the base “.AspNet.Cookies” cookie is created and the user can navigate within WebApp1 resources without concerns. After a while the user navigates to WebApp2 on the same domain (http://domain1/WebApp2). During navigation the app makes a roundtrip to IdSrv, making sure that the user is authenticated, and returns to WebApp2 (no new login required) – this is OK. But then, if the user wants to go back to WebApp1, a new roundtrip to IdSrv occurs, and that is what I want to avoid! And this happens each time the user switches between apps.

Is there any way to prevent those IdSrv roundtrips on every navigation between multiple web applications on the same/different domains? One workaround I found is to use different names for the ASP.NET cookies for each application, but this makes identity sign-out way more complicated.

brockallen commented 7 years ago

Use different cookie names for the different apps?

Anyway, in the future since this seems to be a general question (not a bug report or an issue), please use StackOverflow for that. This has the advantage that questions and answers can be easily found by search engines, and that there are more people answering questions than just us.

For IdentityServer3 https://stackoverflow.com/questions/tagged/?tagnames=identityserver3&sort=newest

For IdentityServer4 https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest

For commercial support https://identityserver.io/
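The suggestion above, sketched as a Katana startup class for WebApp1. This is an added example, not code from the thread or from the IdentityServer3 project. The cookie name, path, authority URL, client id and redirect URI are placeholders, and WebApp2 would use its own values.

```csharp
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(WebApp1.Startup))]

namespace WebApp1
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies",

                // Default: CookieName = ".AspNet.Cookies", CookiePath = "/".
                // Two apps under http://domain1/ that keep those defaults
                // write the same browser cookie (same host, name and path),
                // so each app's sign-in replaces the other's session cookie.

                // Per-app name (placeholder value): the cookies no longer collide.
                CookieName = ".AspNet.WebApp1",

                // Optional scoping to this app's virtual directory so the cookie
                // is not sent to sibling apps. Browsers match cookie paths
                // case-sensitively, so links must use the same casing.
                CookiePath = "/WebApp1"
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Authority = "https://idsrv.example/identity",   // placeholder
                ClientId = "webapp1",                           // placeholder
                RedirectUri = "http://domain1/WebApp1/",        // placeholder
                ResponseType = "id_token",
                Scope = "openid profile",

                // Must match AuthenticationType of the cookie middleware above.
                SignInAsAuthenticationType = "Cookies"
            });
        }
    }
}
```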

ahokkonen-dev commented 7 years ago

Thanks for answering, Brock, I'll try my luck on StackOverflow. It is still not clear to me how the single-sign-out will act using that solution.