Single Sign-On Between two different applications
Question
Application Type
Traditional Web, Reactive
Service Studio Version
11.8.13 (Build 32892)
Platform Version
11.7.2 (Build 5749)

Hi,

At the moment we have application A (Reactive Web Application) and users are being redirected to Application B (Traditional Web Application). Users log in on Application A, but they need to log in again on Application B. Is there any way to prevent this? So basically what we want is for the user to log in on Application A and also be logged in to Application B.

Our current platform is Version 11.7.2 (Build 5749) and therefore we can't use Single Sign-On Between App Types in Service Center for now (we will update this in the future). Also, both applications use the same User provider.

Thanks,

Bart

Solution

Hello Bart,

Hope you are doing well :)

That situation occurs because the session in traditional web and the session in reactive web are different, so when the user navigates between applications, if there is no session, he will be asked to do a login.


In my perspective, your best option is clearly to upgrade your Platform Server version in order to use OutSystems Single Sign-On default capabilities.


As an alternative, you may take a look at this component: https://www.outsystems.com/forge/component-overview/7226/deprecated-sso-reactive-and-traditional-web

As described in the component, it is deprecated right now because it is no longer necessary since Platform version 11.8. Nevertheless, I believe you can still use it to achieve what you intend.


Another alternative would be to create a middle Blank Screen with the Anonymous Role and execute the UserLogin Server Action in the Preparation of that screen. So instead of being redirected directly from Application A to Application B, you may redirect to this screen first just to execute the platform login. After the login, it is just necessary to redirect to the screen that you want (from Application B). However, keep in mind that this approach will raise a security issue, because someone who has access to this URL may get a valid session into Application B. This security issue should be properly addressed if you take this last approach.


I would try out the component first if I were you :)


Hope that this helps you!


Kind regards,

Rui Barradas
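One way to address the security issue raised for the intermediate-screen approach, as an added example that is not part of the original answer or of any OutSystems component: Application A passes a short-lived, single-use, HMAC-signed token in the redirect, and the anonymous screen in Application B only performs the login when the token verifies. Python is used purely for illustration; the function names, the shared key and the 30-second lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SHARED_KEY = secrets.token_bytes(32)  # assumption: one secret provisioned in both apps
TTL_SECONDS = 30                      # assumption: token only has to survive the redirect
USED_NONCES = {}                      # App B replay cache: nonce -> expiry (shared store in production)


def b64enc(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, key=SHARED_KEY, now=None):
    """Application A: mint a signed token for the already authenticated user."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "exp": int(now) + TTL_SECONDS, "nonce": secrets.token_hex(16)}
    payload = json.dumps(claims).encode()
    return b64enc(payload) + "." + b64enc(hmac.new(key, payload, hashlib.sha256).digest())


def redeem_token(token, key=SHARED_KEY, now=None):
    """Application B: return the user id to log in, or None if the token is rejected."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = b64dec(payload_b64), b64dec(sig_b64)
    except ValueError:  # wrong number of parts or bad base64 (binascii.Error)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # parsed only after the signature checks out
    if now >= claims["exp"] or claims["nonce"] in USED_NONCES:
        return None  # expired, or already redeemed once
    for nonce in [n for n, exp in USED_NONCES.items() if exp <= now]:
        del USED_NONCES[nonce]  # drop entries that can no longer be replayed
    USED_NONCES[claims["nonce"]] = claims["exp"]
    return claims["uid"]
```

With this check in front of the login call, a copied or bookmarked URL stops working once it has been used or after the lifetime elapses, and a token for a different user cannot be produced without the shared key.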

Hi Rui,


Thanks for your answer. 

It seems that basically the component is creating a single/combined session for both applications. Could be a solution, but I have to think for a moment whether implementing this solution makes sense, because it will be a temporary solution since the platform will be updated eventually.

Last option is no option for us since the security of this is too risky.

Regards,

Bart

Hi, I have the same issue. May I know if you already resolved this? We tried using the Single Sign-On but it doesn't work. Are we missing any configuration? Thank you in advance.


Platform version: Version 11.9.2  

Hi Paul John Cezar,

At that time the update to the newest platform version was not planned yet. Therefore we created a solution ourselves (something like Rui suggested). We did not activate the SSO yet. In my opinion it is best to open a new ticket for this issue and see if people can help you from there.

Good luck!




Hi Paul,

For Single Sign-On Between App Types setting to work properly, you need to:

  • Be on Platform Server version 11.8.0 or later (which you already are, otherwise you wouldn't have that setting available)
  • Have HTTP Strict Transport Security (HSTS) enabled in LifeTime - Environment Security (which you already have by looking at your screenshots)
  • Check the box Secure Cookies in LifeTime - Environment Security for that specific environment
  • Check the box Single Sign-On Between App Types in Service Center - Application Authentication for the same environment
  • Apply the settings to the Factory

That should do it. And keep in mind this is a setting that needs to be configured per environment.

Regards,

Nordin
