25
Views
2
Comments
Solved
Single Sign-On Between two different applications
Question
Application Type
Traditional Web, Reactive
Service Studio Version
11.8.13 (Build 32892)
Platform Version
11.7.2 (Build 5749)

Hi,

At the moment we have application A (Reactive Web Application) and users are being redirected to Application B (Traditional Web Application). Users do login on Application A but users need to login again on Application B. Is there anyway to prevent this? So basicly what we want is the user to login on Application A and user will also be logged in to Application B.

Our current platform is Version 11.7.2 (Build 5749) and therefore we can't use  Single Sign-On Between App Types in Service Center for now (we will update this in the future). Also both application use the same User provider.

Thanks,

Bart

Rank: #95
Solution

Hello Bart,

Hope you are doing well :)

That situation occurs because the session in traditional web and the session in reactive web are different, so when the user navigates between applications, if there is no session, he will be asked to do a login.


In my perspective, your best option is clearly upgrade your Platform Server version in order to use OutSystems Single Sign-On default capabilities.


As an alternative, you may take a look at this component: https://www.outsystems.com/forge/component-overview/7226/deprecated-sso-reactive-and-traditional-web

As described in the component, it is deprecated right now because it is no longer necessary since Platform version 11.8. Nevertheless, I believe you can still use it to achieve what you pretend.


Another alternative would be create a middle Blank Screen with the Anonymous Role and execute UserLogin Server Action in the Preparation of that screen. So instead of beeing redirected directly from Application A to Application B, you may redirect to this screen first just to execute the platform login. After the login, it is just necessary to redirect to the screen that you pretend (from Application B). However, keep in mind that this approach will raise a security issue, because someone who has access to this URL may get a valid session into Application B. This security issue should be properly addressed if you take this last approach.


I would try out the component first if I were you :)


Hope that this helps you!


Kind regards,

Rui Barradas