Openid Connect single sign on external web sites











up vote
1
down vote

favorite












I read about saml and openid connect on the web.



I am trying to implement asp.net mvc project with following requirements.




  1. User logins my website.


  2. User clicks external site link(ex trello.com) and redirected to external site login page.


  3. After sign in a consent screen opens with predefined scopes.User approves and return back to my site.


  4. Id token and access token are received.



To my knowledge, until now you can proceed with openid connect.



However I can't figure out how I can accomplish following requirement with openid connect.




  1. After granting access (previous steps via authorization code flow) whenever user logins my site and clicks external site link, user will be automatically signed on external site. (Like Appdirect and Telstra do)


I know I can implement requirement 5 with SAML but I couldn't find a way to do with openid connect.










share|improve this question




























    up vote
    1
    down vote

    favorite












    I read about saml and openid connect on the web.



    I am trying to implement asp.net mvc project with following requirements.




    1. User logins my website.


    2. User clicks external site link(ex trello.com) and redirected to external site login page.


    3. After sign in a consent screen opens with predefined scopes.User approves and return back to my site.


    4. Id token and access token are received.



    To my knowledge, until now you can proceed with openid connect.



    However I can't figure out how I can accomplish following requirement with openid connect.




    1. After granting access (previous steps via authorization code flow) whenever user logins my site and clicks external site link, user will be automatically signed on external site. (Like Appdirect and Telstra do)


    I know I can implement requirement 5 with SAML but I couldn't find a way to do with openid connect.










    share|improve this question


























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I read about saml and openid connect on the web.



      I am trying to implement asp.net mvc project with following requirements.




      1. User logins my website.


      2. User clicks external site link(ex trello.com) and redirected to external site login page.


      3. After sign in a consent screen opens with predefined scopes.User approves and return back to my site.


      4. Id token and access token are received.



      To my knowledge, until now you can proceed with openid connect.



      However I can't figure out how I can accomplish following requirement with openid connect.




      1. After granting access (previous steps via authorization code flow) whenever user logins my site and clicks external site link, user will be automatically signed on external site. (Like Appdirect and Telstra do)


      I know I can implement requirement 5 with SAML but I couldn't find a way to do with openid connect.










      share|improve this question















      I read about saml and openid connect on the web.



      I am trying to implement asp.net mvc project with following requirements.




      1. User logins my website.


      2. User clicks external site link(ex trello.com) and redirected to external site login page.


      3. After sign in a consent screen opens with predefined scopes.User approves and return back to my site.


      4. Id token and access token are received.



      To my knowledge, until now you can proceed with openid connect.



      However I can't figure out how I can accomplish following requirement with openid connect.




      1. After granting access (previous steps via authorization code flow) whenever user logins my site and clicks external site link, user will be automatically signed on external site. (Like Appdirect and Telstra do)


      I know I can implement requirement 5 with SAML but I couldn't find a way to do with openid connect.







      asp.net-mvc oauth-2.0 openid saml-2.0 openid-connect






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 22 at 16:38









      Milo

      1,83551529




      1,83551529










      asked Nov 22 at 13:56









      user10687783

      62




      62
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote













          This is essentially SSO and SSO works like:




          • Application A authenticates with IDP X

          • Application B authenticates with IDP X


          When user goes to B, they are already signed on with the same IDP and so they don't see a login screen.



          But if user goes to:




          • Application C authenticates with IDP Y


          they will not get SSO.






          share|improve this answer





















          • Let me clarify. Imagine I made agreements with various web sites and they act like OpenID Provider.(Let's say trello.com,mailchimp.com) I initiated authorization code flow between my app and aforementioned websites.User granted some permissions to my app like reading user contacts and so on. I also should implement the following functionality ; whenever user logins my app and click let's say trello.com icon,user should be automatically logged into trello.com without needing an active session in trello.com(Requirement 5)
            – user10687783
            Nov 22 at 18:34












          • I think what I am looking for IdP Initiated SSO which openid connect doesn't support.Is it true ?
            – user10687783
            Nov 22 at 21:37










          • Yes - IDP Initiated is only SAML.
            – nzpcmad
            Nov 22 at 23:34











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432557%2fopenid-connect-single-sign-on-external-web-sites%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote













          This is essentially SSO and SSO works like:




          • Application A authenticates with IDP X

          • Application B authenticates with IDP X


          When user goes to B, they are already signed on with the same IDP and so they don't see a login screen.



          But if user goes to:




          • Application C authenticates with IDP Y


          they will not get SSO.






          share|improve this answer





















          • Let me clarify. Imagine I made agreements with various web sites and they act like OpenID Provider.(Let's say trello.com,mailchimp.com) I initiated authorization code flow between my app and aforementioned websites.User granted some permissions to my app like reading user contacts and so on. I also should implement the following functionality ; whenever user logins my app and click let's say trello.com icon,user should be automatically logged into trello.com without needing an active session in trello.com(Requirement 5)
            – user10687783
            Nov 22 at 18:34












          • I think what I am looking for IdP Initiated SSO which openid connect doesn't support.Is it true ?
            – user10687783
            Nov 22 at 21:37










          • Yes - IDP Initiated is only SAML.
            – nzpcmad
            Nov 22 at 23:34















          up vote
          1
          down vote













          This is essentially SSO and SSO works like:




          • Application A authenticates with IDP X

          • Application B authenticates with IDP X


          When user goes to B, they are already signed on with the same IDP and so they don't see a login screen.



          But if user goes to:




          • Application C authenticates with IDP Y


          they will not get SSO.






          share|improve this answer





















          • Let me clarify. Imagine I made agreements with various web sites and they act like OpenID Provider.(Let's say trello.com,mailchimp.com) I initiated authorization code flow between my app and aforementioned websites.User granted some permissions to my app like reading user contacts and so on. I also should implement the following functionality ; whenever user logins my app and click let's say trello.com icon,user should be automatically logged into trello.com without needing an active session in trello.com(Requirement 5)
            – user10687783
            Nov 22 at 18:34












          • I think what I am looking for IdP Initiated SSO which openid connect doesn't support.Is it true ?
            – user10687783
            Nov 22 at 21:37










          • Yes - IDP Initiated is only SAML.
            – nzpcmad
            Nov 22 at 23:34













          up vote
          1
          down vote










          up vote
          1
          down vote









          This is essentially SSO and SSO works like:




          • Application A authenticates with IDP X

          • Application B authenticates with IDP X


          When user goes to B, they are already signed on with the same IDP and so they don't see a login screen.



          But if user goes to:




          • Application C authenticates with IDP Y


          they will not get SSO.






          share|improve this answer












          This is essentially SSO and SSO works like:




          • Application A authenticates with IDP X

          • Application B authenticates with IDP X


          When user goes to B, they are already signed on with the same IDP and so they don't see a login screen.



          But if user goes to:




          • Application C authenticates with IDP Y


          they will not get SSO.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 22 at 18:12









          nzpcmad

          27.8k2892142




          27.8k2892142












          • Let me clarify. Imagine I made agreements with various web sites and they act like OpenID Provider.(Let's say trello.com,mailchimp.com) I initiated authorization code flow between my app and aforementioned websites.User granted some permissions to my app like reading user contacts and so on. I also should implement the following functionality ; whenever user logins my app and click let's say trello.com icon,user should be automatically logged into trello.com without needing an active session in trello.com(Requirement 5)
            – user10687783
            Nov 22 at 18:34












          • I think what I am looking for IdP Initiated SSO which openid connect doesn't support.Is it true ?
            – user10687783
            Nov 22 at 21:37










          • Yes - IDP Initiated is only SAML.
            – nzpcmad
            Nov 22 at 23:34


















          • Let me clarify. Imagine I made agreements with various web sites and they act like OpenID Provider.(Let's say trello.com,mailchimp.com) I initiated authorization code flow between my app and aforementioned websites.User granted some permissions to my app like reading user contacts and so on. I also should implement the following functionality ; whenever user logins my app and click let's say trello.com icon,user should be automatically logged into trello.com without needing an active session in trello.com(Requirement 5)
            – user10687783
            Nov 22 at 18:34












          • I think what I am looking for IdP Initiated SSO which openid connect doesn't support.Is it true ?
            – user10687783
            Nov 22 at 21:37










          • Yes - IDP Initiated is only SAML.
            – nzpcmad
            Nov 22 at 23:34
















          Let me clarify. Imagine I made agreements with various web sites and they act like OpenID Provider.(Let's say trello.com,mailchimp.com) I initiated authorization code flow between my app and aforementioned websites.User granted some permissions to my app like reading user contacts and so on. I also should implement the following functionality ; whenever user logins my app and click let's say trello.com icon,user should be automatically logged into trello.com without needing an active session in trello.com(Requirement 5)
          – user10687783
          Nov 22 at 18:34






          Let me clarify. Imagine I made agreements with various web sites and they act like OpenID Provider.(Let's say trello.com,mailchimp.com) I initiated authorization code flow between my app and aforementioned websites.User granted some permissions to my app like reading user contacts and so on. I also should implement the following functionality ; whenever user logins my app and click let's say trello.com icon,user should be automatically logged into trello.com without needing an active session in trello.com(Requirement 5)
          – user10687783
          Nov 22 at 18:34














          I think what I am looking for IdP Initiated SSO which openid connect doesn't support.Is it true ?
          – user10687783
          Nov 22 at 21:37




          I think what I am looking for IdP Initiated SSO which openid connect doesn't support.Is it true ?
          – user10687783
          Nov 22 at 21:37












          Yes - IDP Initiated is only SAML.
          – nzpcmad
          Nov 22 at 23:34




          Yes - IDP Initiated is only SAML.
          – nzpcmad
          Nov 22 at 23:34


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432557%2fopenid-connect-single-sign-on-external-web-sites%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          What visual should I use to simply compare current year value vs last year in Power BI desktop

          How to ignore python UserWarning in pytest?

          Alexandru Averescu