Q: I want SSO for the following: If I signed in one web app e.g. one.sampleapp.com, which has a link to second web app, e.g. two.sampleapp.com, and I click on two.sampleapp.com, it should not ask me to login again.
A: We support this as part of our Seamless SSO feature. LoginRocket will keep track of each user’s session and if still logged in, automatically forward them back to your app.
To make this work with 2 apps, you’ll want to use only 1 Connected App (with the Redirect URIs setting) and then use the redirect_uri= parameter to LoginRocket. Here’s how it works:
By default (when the Connected App -> Redirect URIs field is blank), LoginRocket always sends a finished login to the Login Handler URL, with the token= parameter added.
However, by adding the URLs to each of your apps to Redirect URIs (eg: https://one.sampleapp.com/, etc), you can then pass in a redirect_uri= param to LoginRocket. When the login is finished, as long as the value of the redirect_uri= param begins with one of the values in Redirect URIs, the user will be directed there instead, with token= added.
When combined with the session tracking mentioned above (which can be turned on at: Realm -> Settings -> LoginRocket -> Seamless SSO), LoginRocket can automatically transfer users between your apps, providing a copy of the token to each app, so they can treat them as a login.
The redirect_uri parameter would look like this: when your app isn’t logged in and needs to request a login, redirect the user to:
https://yourdomain.e1.loginrocket.com/login?redirect_uri=https://two.sampleapp.com/login
You can include your own params for the redirect_uri URL, you’ll just need to URL encode them. So you’d send the URL encoded equivalent of something like:
?redirect_uri=https://two.sampleapp.com/login?next=/path/in/app
Note that all of this works whether using subdomains (one.sampleapp.com and two.sampleapp.com) or entirely separate domains (app-one.com and app-two.com).
Tagged with: sso seamless sso redirect handling
Questions? Find a Typo? Get in touch.