I have two different domains www.domaina.com and www.domainb.com, I want to have one login page for both of the domains, for authentication I am using aws Cognito service.
What steps do I need to take in order to achieve that?
Related
How to keep maintain cookies and session across 3 different domain?
I am setting up a centralized authentication for our 3 products which has different domain, like abc.com, xyz.com and def.com. so i have created a login server like login.abc.com, where my centerlized login will occur. so whenever a user entered abc.com and login himself in login.abc.com, then he can access all 3 products, but the challenging is when he opens third products or second products how can i authenticate him? because it's in different domain and same cookies doesn't work in different domains. So if you have any idea to overcome from this problem, then please share your ideas.
how to store cookies or JWT token, so that other site can take that cookies/ token for validating with user
Note: Like google, if you signed-in in gmail, then you automatically logged-in in youtube, though they have different domain.
i want such architecture like google follows.
Single Sign on (SSO) is a user experience that a user signs in only one time. A user is automatically signed into other applications if the user has already signed into one application. The user's authentication session is maintained by the dedicated and centralized SSO service. In your example, the abc.com will remember user sign-in status, if user has been signed in to abc.com, user does not prompt for sign-in again whenever user tries to access applications in any other domain.
I have 3 separate net core web apps on the same IIS web server. All of them are equals at 90% but every one has its own database, its own users and its own subdomain.
I would like to have a unique web app to login into the corresponding final web app depending on the user logged, basicly because I need all the users to access from a specific URL login.my-platform.com By now every user access through its web app with a login page on its subdomain.
USER FINAL WEB APP
==================================
111 platfA.my-platform.com
222 platfA.my-platform.com
333 platfB.my-platform.com
444 platfB.my-platform.com
555 platfC.my-platform.com
Moreover, from a final web app, a user could create more users to that final web app, so the user will be accesible from the login web app.
I think an inappropriate solution would be to try to loggin to the 3 different databases changing the connectionString value and set a short connection timeout, but I want to avoid it. I think there must be a better solution and I just need a little bit of lighting. Thanks
There's two approaches:
Shared cookies
Distributed auth
The first method is available only because all of these sites share the same primary domain, i.e. my-platform.com. If that's not the case or it changes in the future, this won't work. You'll need to do two things: every site will need to be configured to use the same auth cookie name and domain (the wildcard .my-platform.com). Then, you'll need to set up a data protection provider on each that pulls from the same source. See this article for more info.
The second method, is more complicated, but also more robust. You'll need to utilize something like IdentityServer4 or a third-party service like Auth0. The former requires more code and configuration, but is free; the latter is virtually drop-in but not free and can become quite expensive, in fact, depending on your usage. In either case, your applications will connect to this distributed auth service for both authentication and authorization. For normal user login, you'd like follow an OpenID Connect workflow, where the user will be redirected to the distributed auth website to authenticate and then will be redirected back to the originating website with a token. The originating website, then, can use this token to request the user claim, and then set a cookie in the normal way.
We have a application running already lets say a.example.com, now we are planning to add one more application as b.example.com. We are already storing user session of a.example.com in Azure Redis cache. Is there a simple way to provide SSO between my two sites, by utilizing the existing Redis session store.
Note : please dont suggest using identity framework, as I dont want to have a separate server, to do authentication. Correct me If I was wrong here guys.
Thanks in Advance
Ganesan S
I will first say what could be a solution, then give what my work has done since we have multiple sights that all deal with their own sessions, but are all linked.
When you create a session for a.example.com, could you also create b.example.com as well and have both put in the Redis store? Then when a person signs out you can find the session for both sites based on the user and delete both at once.
Another option could be to have 1 session that both sites look for. That way each user only has 1 session, so there is only 1 to create and 1 to destroy. You could set up the domain to be by example.com unless there are other sites that should not see that domain.
We use a Service Provider that creates a sign in hub that all of our sites point to. Then each site gets its own session that has a domain over everything. Then when someone logs out the server will delete all sessions at once and call logout for the user at the service provider. In your case you could treat the Redis session store as a sort of Service provider storing the sessions for the users that your websites look at for user validation?
Our company has two websites. Both websites have their own subdomains (on same domain). Both websites are using the same LDAP server for authentication.
Is there a way to authenticate users only once, and allow the (authenticated) user to access either website so that we don't have to login in to each site separately? For example, I'm logged in to siteA.domain.org, then I click on siteB.domain.org -- in this case I wouldn't be prompted to login to siteB.domain.org because I'm already authenticated to siteA.domain.org.
You probably need to add some info to your question regarding how you're doing your authentication. OAuth is an authorisation protocol, with a side-effect of authentication in some circumstances. So (for example) in Google OAuth, the user signs in to Google, not your website. Your website can test if the user is signed in to Google, and if so, obtain an access/id token to know who the user is.
So it all depends how your site is choosing to handle "login"
Is it possible for more than one site to share a cookie or create a "global" cookie for multiple sites to access? They share the same domain but have different subdomains.
We have several systems and need a way to share authentication between them. When a user is logged into one, we want them to also be logged in to the others.
One site is authenticated through Magenot as it is our e-commerce site. one is through Wordpress as it is our content and the other is an ASP.Net site. They all authenticate to an Oracle back end through a web service but how would I be able to tell if a user is logged into one of the others and if they are, log them into the one they are accessing?
Anyone know how to do that handily?
A cookie can be set for a domain or subdomain, so yes, you can have a global cookie by setting it to your top level domain. In this case you would need to configure each system to use the top level domain for their authentication cookie and the same cookie name.
However, The different systems are going to use different content and encryption for their cookies so I don't think they can share a cookie in the way you intend.