
We have a roll-your-own WIF STS SSO implementation.

We have 3 RPs connecting to an STS.

When a user accesses RP1, he is redirected to the STS and able to authenticate. After successful authentication he navigates to RP2 or 3 (via RP1), and is redirected to the STS again to log in again. After this the user is able to navigate between the RPs freely. Needless to say, we only want the user to log in once.

I believe this is a cookie issue as, upon authentication, a FedAuth cookie is only created for the RP and none for the STS. From my understanding, the STS should also create a cookie, signifying that the user has been authenticated.

The audience URIs in the web.config are all correct.

Any advice will be appreciated.

Swifty

1 Answer


Using ADFS as an example, there are cookies for the RP (FedAuth in WIF) and cookies in ADFS (MSIS*).

  • So user --> application A
  • Redirects --> ADFS - authenticates
  • Two cookies; one on each side
  • So user --> application B
  • Redirects --> ADFS
  • Sees auth cookie so creates cookie for B
  • Seamless login
rbrayb
  • Yes, this is what is supposed to happen, but for some reason the STS does not create a cookie. I'm trying to figure out why this is. – Swifty Jun 20 '16 at 04:47
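The two-cookie flow described in the answer, as an added C# example that is not code from the question, the answer or any product: a custom WS-Federation passive STS (WIF 4.5 namespaces) whose login page writes the STS's own session cookie, the cookie the question reports as missing. It assumes SessionAuthenticationModule and a cookie handler are registered in the STS web.config, page controls named UserName, Password and ErrorLabel, a hypothetical ValidateCredentials helper, and a hypothetical MyTokenService subclass of SecurityTokenService with a parameterless constructor.

```csharp
using System;
using System.IdentityModel.Services;   // FederatedAuthentication, FederatedPassiveSecurityTokenServiceOperations
using System.IdentityModel.Tokens;     // SessionSecurityToken
using System.Security.Claims;
using System.Web;
using System.Web.UI;

// Login.aspx code-behind: reached only when the STS has no session cookie for this browser.
public partial class Login : Page
{
    protected void SignIn_Click(object sender, EventArgs e)
    {
        // ValidateCredentials is a hypothetical stand-in for your user store.
        if (!ValidateCredentials(UserName.Text, Password.Text)) { ErrorLabel.Text = "Sign-in failed."; return; }
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, UserName.Text) }, "CustomSts");

        // The step a roll-your-own STS often omits: write the STS's OWN session cookie. Without it,
        // every RP redirect to the STS looks like a first visit and the user is prompted again.
        var session = new SessionSecurityToken(new ClaimsPrincipal(identity), TimeSpan.FromHours(8));
        FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(session);

        // Return to the WS-Federation endpoint with the original wa/wtrealm/wctx query, local paths only.
        string returnUrl = Request.QueryString["ReturnUrl"];
        bool isLocal = !string.IsNullOrEmpty(returnUrl) && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//");
        Response.Redirect(isLocal ? returnUrl : "~/Default.aspx", false);
    }

    private static bool ValidateCredentials(string user, string password)
    {
        throw new NotImplementedException("Replace with your credential check.");   // hypothetical helper
    }
}

// Default.aspx code-behind: the WS-Federation passive endpoint all three RPs redirect to.
public partial class Default : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // User is populated from the STS session cookie by SessionAuthenticationModule. First visit (from RP1):
        // no cookie, go to Login. Later visits (from RP2/RP3): cookie present, issue the token without prompting.
        if (!User.Identity.IsAuthenticated)
        {
            Response.Redirect("~/Login.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.Url.PathAndQuery), false);
            return;
        }
        // MyTokenService is your SecurityTokenService subclass (assumed; not on the page).
        FederatedPassiveSecurityTokenServiceOperations.ProcessRequest(
            Request, (ClaimsPrincipal)User, new MyTokenService(), Response);
    }
}
```

A quick check for the symptom in the question: after signing in at the STS, the browser should hold a cookie for the STS host in addition to the RP's FedAuth cookie; if only FedAuth appears, the WriteSessionTokenToCookie step (or the module registration it relies on) is what is missing.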