openziti / ziti-browzer-runtime

The Ziti JS runtime auto-bootstrapped into a web app running under BrowZer
Apache License 2.0
5 stars, 2 forks

Nested SSO support #249

Open rentallect opened 7 months ago

rentallect commented 7 months ago

Explore the possibility of reusing the same JWT bearer token ZBR received from the IdP to authenticate onto the Ziti network as also the bearer token used to authenticate/login to a protected web app that supports federated login from the same IdP (e.g. Mattermost web app and 'login with Google').

canny[bot] commented 4 months ago

This issue has been linked to a Canny post: Add nested SSO support.

rickwang7712 commented 2 months ago

Hi @rentallect, I implemented nested SSO by preventing code-grant parameters from being captured by BrowZer. Please check my implementation below:

  1. ziti-browzer-bootstrapper: add the RP's callback-path whitelist.
  2. ziti-browzer-sw: only consume code-grant params if the path was not set as an RP callback path.

If my modifications look good to you, please let me know, and I will send the pull requests.

Thanks!
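The dispatch rule from the comment above, written out as an added example (not code from ziti-browzer-sw, ziti-browzer-bootstrapper, or rickwang7712's fork): a service worker that sees OAuth code-grant parameters passes the request through untouched when the path is on the RP's callback whitelist and otherwise treats the code as BrowZer's own IdP callback. It assumes the bootstrapper hands the service worker an exact-path list; `RP_CALLBACK_PATHS` and the URLs are constructed sample data.

```javascript
// Added example (not code from ziti-browzer-sw or rickwang7712's fork): the decision a
// BrowZer-style service worker makes when a request carries OAuth code-grant parameters.
// Assumption: the bootstrapper delivers the RP's callback paths as an exact-path list;
// the sample list below is constructed for illustration.
const RP_CALLBACK_PATHS = ['/oauth/google/complete', '/signup/oauth/complete'];

// Normalise a pathname so '/a//b/' and '/a/b' compare equal. new URL() already resolves
// '.' and '..' segments, so '/x/../callback' cannot masquerade as an RP callback.
function normalizePath(pathname) {
  let p = pathname.replace(/\/{2,}/g, '/');
  if (p.length > 1 && p.endsWith('/')) p = p.slice(0, -1);
  return p;
}

// Exact match only: a prefix match (startsWith) would let any path beneath an
// allowlisted one bypass the service worker's own login handling.
function isRpCallbackPath(pathname, allowlist = RP_CALLBACK_PATHS) {
  const p = normalizePath(pathname);
  return allowlist.some((entry) => normalizePath(entry) === p);
}

// Returns what the service worker should do with a request URL:
//   'passthrough' - no code grant present, or the path is the RP's own callback,
//                   so the web app (not BrowZer) must receive the code;
//   'consume'     - the code/state belong to BrowZer's IdP callback and are redeemed here.
// Only the pathname is matched; query string and fragment never influence the decision.
function classifyRequest(urlString, allowlist = RP_CALLBACK_PATHS) {
  const url = new URL(urlString);
  const code = url.searchParams.get('code');
  const state = url.searchParams.get('state');
  if (code === null) return { action: 'passthrough', reason: 'no code grant params' };
  if (isRpCallbackPath(url.pathname, allowlist)) {
    return { action: 'passthrough', reason: 'RP callback path' };
  }
  // The caller must still compare `state` with the value it stored before redirecting
  // to the IdP; a mismatch means the code is not a response to this browser's request.
  return { action: 'consume', code, state };
}
```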