I have these 2 domains, say admin.example.com for admin and example.com for normal users.
I made a rule to to check for clientID and role of the user to prevent from logging in which throws invalid error,.The problem arises when Admin users logs in in admin.example.com, and then the user tries to login in example.com it shares the session/login details of admin user, it triggers the rule and invalidates the user(which is as expected). So my question is how do I prevent sharing sessions between multiple domains?
So far what I’ve found is that it’s the behaviour of SSO, but I can’t seem to find option to disable it.