In the previous post, we went through an overview of SSO with a domain cookie. In this post, we’ll dig into some of the technical considerations when implementing this SSO solution.
As an overview, here are the responsibilities of each website from the previous post:
- AMS.abc.org (Identity Provider/System of Record):
- Provides login page
- Provides logout page
- Manages Tokens and SSO cookie.
- Provides SlideCookie page/handler (more on this below)
- Provides API to validate Tokens
- Inspects SSO cookie on every page request
- Validates Token against API on every page request (server side)
- Automatically logs the user in if the Token is valid.
- Automatically logs the user out if the Token is not valid.