Basic SSO config with custom login page clarification

jfindlayc · May 13, 2021, 1:38am

Hi,

I’m looking to implement SSO between two Applications using a custom login page (hosted on the auth0 domain), both on the same tenant and using the same database connection and both hosted on the same domain, like so:

abc.mydomain.com
xyz.mydomain.com

The login page customization is configured via the dashboard - Branding → Login → Customize Login Page and utilizes Auth0.js.

Based on what I’ve worked out, the two ways I could go about implementing SSO between these two domains are:

Switch to Universal Login (My understanding is that SSO using Universal Login will fail with browsers that have disabled third-party cookies)
Utilize a Custom Domain (a paid feature)

Am I correct in these assumptions?
Is there another way outside of the these two options?

I have looked into SAML, but it is unclear based on my research whether or not configuring it would work for my usecase, or if it is specifically for SSO integrations with outside services. Would configuring Auth0 as both an identity provider and service provider via SAML allow for SSO without needing to abandon our customized login pages or implement custom domains?

Much appreciate any help one could provide!

john.gateley · May 13, 2021, 2:04pm

Hi @jfindlayc

First, you ARE using Universal Login - that is the branding → login pages.

This gives you SSO. There are certain situations where 3rd party cookies can be an issue, but normally they are not. The session is hosted in the Auth0 domain, so it is not 3rd party.

You do not require a custom domain for this.

So you should have SSO already, it should be working.

John

jfindlayc · May 14, 2021, 1:36am

@john.gateley Thank you for the reply!

That’s good news, I did some fiddling yesterday and managed to get SSO working by adding an initial call to getTokenSilently with the auth0-spa-js, but my new problem is that after logging out with the signOut method, the getTokenSilently call immediately logs me back in. I imagine I have some misconfiguration somewhere, would you have any idea what it might be? Would the auth0-spa-js repository be a more suitable place to ask?

Thanks again!

jfindlayc · May 14, 2021, 6:19am

Was able to work out that it was a code error on my end! Thanks for the help.

konrad.sopala · May 14, 2021, 7:02am

We are here for you!