Open timcappalli opened 3 years ago
Old comment from @gffletch:
Do we need a use case document for each protocol? Also, seamless/silent SSO requires some mechanism for shared state. Do we need a use case for each of those mechanisms?
I'm working on a scenario for redirects where all properties are on the eTLD+1 and "logged-in flag" can be shared via a cookie on the eTLD+1.
This could also be accomplished by RP2 doing a redirect with prompt=none to IDP1 whenever the user arrives.
Additionally, I think this can be done with embedded iframes where the iframe is sourced from IDP1. I'm less familiar with this method.
Other options?
We should create a separate issue to track the case where RP2 is embedded in RP1. I will open
Web applications RP1 and RP2 offer sign in/sign up functionality for users of identity provider IDP1, using any of the following:
The user is already signing in RP1. The user navigates to RP2, and expects to obtain an authenticated session without any interactive prompt.
User agent access to user info depends on the mechanics of the protocol of choice.
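The `prompt=none` redirect option mentioned in the comment above, sketched from RP2's side as an added example (not code from the issue or its participants). It assumes an OpenID Connect authorization code flow; the endpoint URLs, client ID and the `session` dict are hypothetical placeholders.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical values for illustration; none of these come from the issue.
IDP1_AUTHZ = "https://idp1.example/authorize"
RP2_CLIENT_ID = "rp2-client"
RP2_CALLBACK = "https://rp2.example/callback"

# OIDC Core error codes returned when prompt=none cannot be satisfied silently.
NEEDS_INTERACTION = {"login_required", "interaction_required",
                     "consent_required", "account_selection_required"}


def build_silent_request(session):
    """Build RP2's redirect to IDP1; state and nonce are bound to RP2's session."""
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)  # checked later against the ID token
    query = urlencode({
        "response_type": "code",
        "client_id": RP2_CLIENT_ID,
        "redirect_uri": RP2_CALLBACK,
        "scope": "openid",
        "prompt": "none",  # IDP1 must not show any UI
        "state": session["state"],
        "nonce": session["nonce"],
    })
    return f"{IDP1_AUTHZ}?{query}"


def handle_callback(session, callback_url):
    """Return ('code', c), ('interactive', err) or ('reject', reason)."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    expected = session.pop("state", None)  # single use: a replayed callback fails
    returned = params.get("state", "")
    if expected is None or not secrets.compare_digest(expected.encode(),
                                                      returned.encode()):
        return ("reject", "state_mismatch")
    if "error" in params:
        if params["error"] in NEEDS_INTERACTION:
            # No usable IDP1 session: fall back to a normal sign-in button.
            return ("interactive", params["error"])
        return ("reject", params["error"])
    if "code" in params:
        return ("code", params["code"])
    return ("reject", "malformed_response")
```

The `interactive` outcome is the case where the user has no session at IDP1, so RP2 renders its ordinary sign-in page instead of retrying the silent redirect.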