I’m using AWS Cognito as OIDC <> Auth0 as SAML IdP (IdP-initiated) <> SP.
I have a web app which has a login mechanism with an AWS Cognito pool,
and I’m trying to redirect logged-in customers to a third-party URL (which requires log-in as well, SAML).
I have set up Auth0 OpenID Connect (AWS Cognito - see image below), which seems to work well (users are synced from my user pool with Auth0/User Management/Users).
When I’m redirecting my logged-in users, I redirect them to the Auth0 Identity Provider Login URL (i.e.: dev-APP.us.auth0.com/samlp/SOME_APP?connection=AWSCognito).
The problem I’m facing is that, the first time, the user is required to log in again (to Cognito) although he was already logged in (see image below).
I was trying to follow up the requests made after redirection to the Auth0 Provider Login URL and it seems that the /authorize URL on Cognito is the issue (https://XXXXX.auth.us-east-1.amazoncognito.com/oauth2/authorize).
What am I missing here? Is there any way to skip that step?
Thanks!
I tried redirecting directly to the Cognito Hosted UI https://<yourDomainPrefix>.auth.<region>.amazoncognito.com/login?response_type=token&client_id=<yourClientId>&redirect_uri=<redirectUrl> and it still requests a re-login.
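As an added example (not code from the original post, nor Auth0's or AWS's), here is a small Python diagnostic that follows the redirect chain from the Auth0 IdP-initiated SAML URL hop by hop, the way the poster traced the requests by hand, and reports whether the chain ended at the Cognito Hosted UI sign-in form (the re-login the poster sees) or at a SAMLResponse post-back (SSO completed). The hosts and paths are the ones quoted in the question; the sample chain, the `trace_login` / `http_fetcher` names and the verdict labels are constructed for this example.

```python
"""Trace an IdP-initiated SAML login redirect chain hop by hop.

Hypothetical diagnostic written for this thread. It never auto-follows
redirects: each 3xx is recorded, the Location header is resolved, and the
first non-redirect response is classified so you can see exactly where the
browser would stop.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlparse

# A fetcher takes a URL and returns (status_code, headers, body_text).
Fetcher = Callable[[str], Tuple[int, Dict[str, str], str]]


@dataclass
class Hop:
    url: str
    status: int


@dataclass
class TraceResult:
    hops: List[Hop] = field(default_factory=list)
    verdict: str = "unknown"


def classify_final(url: str, body: str) -> str:
    """Label the first non-redirect response in the chain."""
    parsed = urlparse(url)
    if parsed.netloc.endswith(".amazoncognito.com") and parsed.path == "/login":
        # Hosted UI rendered its sign-in form: no Hosted UI session for this client.
        return "cognito-login-prompt"
    if 'name="SAMLResponse"' in body:
        # IdP produced the assertion; browser would auto-POST it to the SP's ACS.
        return "saml-response-posted"
    return "unknown"


def trace_login(start_url: str, fetch: Fetcher, max_hops: int = 15) -> TraceResult:
    """Follow 3xx hops manually and return every hop plus a verdict."""
    result = TraceResult()
    url = start_url
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        result.hops.append(Hop(url=url, status=status))
        location = headers.get("Location") or headers.get("location")
        if 300 <= status < 400 and location:
            url = urljoin(url, location)  # Location may be relative (Cognito's /login is)
            continue
        result.verdict = classify_final(url, body)
        return result
    result.verdict = "too-many-redirects"
    return result


def first_cognito_authorize_hop(result: TraceResult) -> Optional[int]:
    """Index of the hop where control reached Cognito's /oauth2/authorize, if any."""
    for i, hop in enumerate(result.hops):
        p = urlparse(hop.url)
        if p.netloc.endswith(".amazoncognito.com") and p.path == "/oauth2/authorize":
            return i
    return None


def http_fetcher(session) -> Fetcher:
    """Real fetcher over a requests.Session (requests is imported lazily)."""
    def fetch(url: str) -> Tuple[int, Dict[str, str], str]:
        resp = session.get(url, allow_redirects=False, timeout=10)
        return resp.status_code, dict(resp.headers), resp.text
    return fetch


# Constructed sample chain mirroring the thread (placeholders dev-APP, SOME_APP, XXXXX
# are the ones quoted in the question; CLIENT and the callback are made up).
COGNITO = "https://XXXXX.auth.us-east-1.amazoncognito.com"
START_URL = "https://dev-APP.us.auth0.com/samlp/SOME_APP?connection=AWSCognito"
_QS = "client_id=CLIENT&response_type=code&redirect_uri=https%3A%2F%2Fdev-APP.us.auth0.com%2Flogin%2Fcallback"
SAMPLE_CHAIN: Dict[str, Tuple[int, Dict[str, str], str]] = {
    START_URL: (302, {"Location": f"{COGNITO}/oauth2/authorize?{_QS}"}, ""),
    f"{COGNITO}/oauth2/authorize?{_QS}": (302, {"Location": f"/login?{_QS}"}, ""),
    f"{COGNITO}/login?{_QS}": (200, {"Content-Type": "text/html"},
                               '<html><form name="cognitoSignInForm">...</form></html>'),
}


def sample_fetcher(url: str) -> Tuple[int, Dict[str, str], str]:
    return SAMPLE_CHAIN[url]


if __name__ == "__main__":
    res = trace_login(START_URL, sample_fetcher)
    for i, hop in enumerate(res.hops):
        print(f"{i}: {hop.status} {hop.url}")
    print("verdict:", res.verdict, "| cognito authorize hop:", first_cognito_authorize_hop(res))
```

To run it against a live tenant, build a `requests.Session`, copy the browser's cookies for the Cognito domain into it, and pass `http_fetcher(session)` to `trace_login`; a script started from scratch has no Hosted UI session cookie at all, so it will always end at `cognito-login-prompt`, which is precisely the situation to compare against.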
From what I understand, once the user is redirected to the third-party URL, you are looking to implement Seamless SSO between those apps. The issue appears to be that your third-party app is a separate application which does not check if the user is registered with Auth0 or with your application.