Fixed title. Question is about authentication, not authorization.

How does authentication Server work on Single Sign on?

Ruchan

I am trying to implement a Single Sign On (SSO) feature. For now I have three systems that need this feature. SSO is relatively new to me; I have done SSO where the domain is the same. There the browser is no barrier, so it works. After a little research I found this good article on auth0.com: https://auth0.com/blog/what-is-and-how-does-single-sign-on-work/

[![enter image description here][1]][1]

The explanation is quite straightforward. Client domains ask for authorization from auth servers, which in turn send a token back to the client domain for storing in the browser.

As per my understanding:

When domain1 requests authentication from the auth server, the auth server will validate the request and, if successful, send an auth token to domain1. The auth server will also store the token in the browser? Now when domain2 asks for authorization, if a token already exists then the auth server will return the existing token to domain2.

If so, how long does the auth server need to hold the token? Doesn't the token stored in the auth server become invalid after some time? How is it refreshed?

What is Active Directory and how does it help in SSO?

Am I missing something?

I am trying to do this in ASP.NET, but any other language should not be a barrier for an answer here, I think.

[1]: https://i.sstatic.net/wQyrC.png

grammatical/spelling error - title as a question
Machado

How does authorization Server work on Single Sign on?
