Auth0 Home Blog Docs

Impersonation and SSO

sso
authentication_api
impersonation
angularjs
aspnet-mvc

#1

We have two applications (app1, app2) where both are implemented as ASP.NET MVC and AngularJS applications.

Currently, we allow administrators to impersonate users into app1 and have recently added app2 into the system where we would like our impersonated user to transition between app1 and app2 without having to sign in again.

However, we are unable to get single sign on working when navigating to app2 as the impersonated user. If we were to sign into app1 (not impersonating), we can navigate to app2 and SSO works without any issues.

The impersonation logic has been implemented by the Authentication API.
https://auth0.com/docs/api/authentication#impersonation

The SSO logic has been implemented by using Auth0.js v7.6.1

auth0.getSSOData(function (err, ssoData) {
	if (!err && ssoData && ssoData.sso) {
		auth0.login({
			connection: ssoData.lastUsedConnection.name
		});
	} else {
		lock.showSignin({
			authParams: {
				scope: 'openid profile'
			},
			callbackURL: '@ViewData"auth0CallbackUrl"]',
			closable: false,
			disableResetAction: false
		});
	}
});

Is there a specific request parameter that needs to be included when calling the impersonation API to enable SSO?


#2

To my knowledge, impersonation is not supported in the getSSOData method; but I might have missed something. This observation is consistent with the information you provided where you seem to recently added a second application and you’re now having to deal with this for the first time so I’m assuming the method in question also never worked for you.

As an additional note and based on a quick test you should be able to leverage an existing session started with impersonation if you make use of prompt=none request to the /authorize endpoint. For more information on this see:

https://auth0.com/docs/api-auth/tutorials/silent-authentication#initiate-a-silent-authentication-request


#3