Hi Hironobu,
Since the app servers for your apps are not necessarily the same, the only way to achieve this is if your IdP for each app is the same and it saves information in the browser to maintain user information. I know of at least two implementations that do this. Some servers that support both SAML and OIDC will even maintain sessions that are valid for both OIDC and SAML logins. In other words: App A uses an OIDC RP and the user logs in. App B uses a SAML SP to the same IdP (the RP's OP); the user is not prompted to log in again.
Do you know the implementation of your IdP? You may be able to find information about your IdP to see what they do. Alternatively, you could just try it with sample apps and see what happens.
------------------------------
Barbara Jensen
------------------------------
Original Message:
Sent: Fri March 04, 2022 12:10 PM
From: HIRONOBU TAKAMATSU
Subject: SAML propagation using WAS Traditional
- Background
- 3 Web applications on different systems: App A, App B, App C
- All apps are on different domains
- App B runs on WAS Traditional
- Web application servers for App A and App C are unknown
- Want to integrate all 3 web applications with SSO
- App A and B will be SSO integrated using SAML, App A as IdP and App B as SP.
- User is to log on to App A with userid and password, but NOT to enter id/pass when using App B and App C.
- User logs on to App A -> Click on a link to App B which will open a new browser tab or window.
- Within App B there is a menu which opens App C in a new browser tab or window, OR App B internally calls App C APIs and shows the response within App B.
- Q1. Is it possible to do SSO integration with App C using SAML propagation as above?
- Q2. If Q1 is YES, what are the requirements of App A, B and C to realize this?
- Q3. If Q1 is YES, what are the limitations or restrictions for this configuration?
- Q4. Are there any other ways to integrate 3 apps with SSO that satisfy the above requirements?
------------------------------
HIRONOBU TAKAMATSU
------------------------------
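
The shared IdP session described in the reply above, as an added example that is not part of the thread and does not model any particular IdP product: the login state lives in a cookie on the IdP's own domain, so an OIDC RP and a SAML SP on other domains both get an answer without a second prompt. The class names, domains, cookie name and the dicts standing in for an ID token and a SAML assertion are all hypothetical.

```python
"""Simplified model (constructed): one IdP browser session serving OIDC and SAML.
No real SAML/OIDC messages are built; every name and domain here is hypothetical."""
import secrets

class Browser:
    # Cookie jar keyed by domain: a cookie only goes back to the domain that set it.
    def __init__(self):
        self.jar = {}
    def cookies_for(self, domain):
        return self.jar.setdefault(domain, {})

class IdP:
    domain = "idp.example"
    def __init__(self, users):
        self.users = users      # userid -> password (plain text only in this model)
        self.sessions = {}      # session id -> userid
        self.prompts = 0        # number of times a login form had to be shown

    def _authenticate(self, browser, credentials):
        cookies = browser.cookies_for(self.domain)
        user = self.sessions.get(cookies.get("idp_session"))
        if user is not None:
            return user         # existing IdP session: no prompt, whatever the protocol
        self.prompts += 1
        if credentials is None:
            raise PermissionError("login required")
        userid, password = credentials
        expected = self.users.get(userid)
        if expected is None or not secrets.compare_digest(expected, password):
            raise PermissionError("bad credentials")
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = userid
        cookies["idp_session"] = sid    # stored under the IdP's domain, not the app's
        return userid

    def oidc_authorize(self, browser, client_id, credentials=None):
        user = self._authenticate(browser, credentials)
        return {"protocol": "oidc", "aud": client_id, "sub": user}

    def saml_sso(self, browser, sp_entity_id, credentials=None):
        user = self._authenticate(browser, credentials)
        return {"protocol": "saml", "audience": sp_entity_id, "name_id": user}

def demo():
    idp, browser = IdP({"alice": "constructed-password"}), Browser()
    a = idp.oidc_authorize(browser, "app-a", ("alice", "constructed-password"))
    b = idp.saml_sso(browser, "https://app-b.example/sp")  # no credentials supplied
    return a, b, idp, browser
```

Each response carries its own audience, so the apps never share a token or cookie with each other; only the IdP session is common.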