Hi All,

We are trying to achieve the functionality of single sign-on using windows integrated authentication for reactive application.

Since we don’t have direct support for it in OutSystems Reactive web apps. We have done the following steps

Configuration changes: 

(Applications Authentication)

1. enabled Single Sign-On between App Types in service center.

(Environment Security)

2. Enabled HTTP Strict Transport Security (HSTS)

3.Force HTTPS for screens in Web Applications

Workaround

Created a Traditional Web App (App B) to do the windows integrated authentication by redirecting the request from the reactive app and back to it.

Actual Application Reactive web App (App A)

Authentication Application - Traditional web App  (App B)

The above setup works well in our dev region.

However, we have issue in the Quality environment as we have 2 deployment zones there . (Internal and External).

The external zone is restricted, and apps deployed there can be accessed only via WAF.(Our  application (App A) , the reactive one is deployed in this zone).

Due to this restriction we had to deploy the Authentication Application (App B) on the internal zone.

and by this  we are not able to get the single sign-on to work a we are unable to pass the authentication session between 2 deployment zones.

I would appreciate any suggestions on how we can solve this issue/ how to share the session across  zones?

Please  let me know.