How authorization Server works on Single Sign on

I am trying to implement a Single Sign On (SSO) feature. For now I have three systems that need this feature. SSO is relatively new to me; I have done SSO where the domain is the same. There the browser is no barrier, so it works. With a little research I found this good article on auth0.com: https://auth0.com/blog/what-is-and-how-does-single-sign-on-work/

[![enter image description here][1]][1]

The explanation is quite straightforward. Client domains ask for authorization from auth servers, which in turn send a token back to the client domain for storing in the browser.

As per my understanding:

When domain1 requests authentication from the auth server, the auth server will validate the request and, if successful, send an auth token to domain1. The auth server will also store the token in the browser? Now when domain2 asks for authorization, if a token already exists then the auth server will return the existing token to domain2.

If so, what is the amount of time the auth server needs to be holding the token? Doesn't the token stored in the auth server become invalid after some time? How is it refreshed?

What is Active Directory and how does it help in SSO?

Am I missing something?

I am trying to do this on ASP.NET, but any other language should not be a barrier for an answer here, I think.

[1]: https://i.sstatic.net/wQyrC.png

Ruchan
  • 111
  • 1
  • 11
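
The flow asked about above, as an added example that is not part of the original post: a toy model of one common arrangement, in which the auth server keeps a login session (a cookie on its own domain) and issues a short-lived, audience-bound token to each client domain. The names `AuthServer`, `sign`, `verify`, both TTL values, the demo user and the shared HMAC key are assumptions made for illustration; real deployments typically use asymmetric signatures or server-side token validation.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)   # auth server signing key (constructed)
TOKEN_TTL = 300                    # assumed lifetime of a per-domain token, seconds
SESSION_TTL = 8 * 3600             # assumed lifetime of the auth-server session, seconds

class AuthServer:
    def __init__(self):
        self.sessions = {}         # session id -> (user, expires_at)
    def login(self, user, password, now):
        if (user, password) != ("alice", "correct horse"):  # stub credential check
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = (user, now + SESSION_TTL)
        return sid                 # sent as a cookie scoped to the auth server's domain
    def authorize(self, session_cookie, audience, now):
        entry = self.sessions.get(session_cookie)
        if entry is None or entry[1] <= now:
            return None            # no live session: the user must log in again
        return sign({"sub": entry[0], "aud": audience, "exp": now + TOKEN_TTL})

def sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    mac = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def verify(token, audience, now):
    body, _, mac = token.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None                # tampered or malformed token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != audience or claims["exp"] <= now:
        return None                # issued for another domain, or expired
    return claims["sub"]

def demo():
    srv, t0 = AuthServer(), 1_000
    cookie = srv.login("alice", "correct horse", t0)
    tok1 = srv.authorize(cookie, "domain1", t0)
    tok2 = srv.authorize(cookie, "domain2", t0 + 60)   # no second login needed
    fresh = srv.authorize(cookie, "domain1", t0 + TOKEN_TTL + 1)  # silent refresh
    return {
        "domain1": verify(tok1, "domain1", t0 + 10),
        "domain2": verify(tok2, "domain2", t0 + 70),
        "wrong_audience": verify(tok1, "domain2", t0 + 10),
        "expired_token": verify(tok1, "domain1", t0 + TOKEN_TTL + 1),
        "refreshed": verify(fresh, "domain1", t0 + TOKEN_TTL + 2),
        "session_over": srv.authorize(cookie, "domain1", t0 + SESSION_TTL + 1),
    }
```

In this model the auth server holds only the session, not the per-domain tokens, so token lifetime and session lifetime can be set independently.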