Last remembered user

Hello all, my issue is that two applications are using the same API.

1. Logged in to Site A as user A
2. Logged in to Site B as user B

But if I log out of Site A, I am seeing user B's details instead of user A's.

Has anyone had the same issue? Any help is appreciated.

Hey there @sailajar, when you get a chance can you direct message me a HAR file of the stated workflow you described along with your tenant names and test account email addresses used. Please let me know if you have any questions. Thanks!

After talking with our Support team, the question came up of why there are two separate users logging in via the same session to the same tenant. If you could please detail your use case a bit more, we may be able to provide more assistance in working towards your desired result. It’s also important to be sure that during the logout procedure we are effectively logging out the leaving user from their previous session, which I have linked the docs for below. Thank you in advance.

Hi there @sailajar, I wanted to follow up and see if you had any additional questions on this subject. Thanks!

Hi James, it's not like two different users are logging in using the same session. Of these two applications, one is an admin application, so the user logs into the admin to make a few settings and logs back to the other application. By then the token is expired and the login page with the last remembered user is shown, and that user is from the admin application.

Note - We are using Lock for our login page, and these applications are in the same tenant and share the same API.

Hey there @sailajar, I reached out via a DM with some more details. When you get a minute can you give that a look? Thanks in advance!

I was hoping to follow up @sailajar and see if you got a chance to take a look at the direct message I sent you. Please let me know if you have any questions, thanks!

Hello James, thank you so much for replying. This issue was prioritized less for now.
But I have a few questions regarding Auth0 SSO, where the Auth0 application is the identity provider and SSO into SP:

  1. SP accepts only Base64 encoded in a name/value pair of SAMLResponse. How can we do that setup in Auth0?
  2. SAML request should have a constant attribute that is not related to the user profile. How can I configure that?

Any help is appreciated.

Thanks,

Sailaja

After checking with our support team I have been able to confirm the following:

This should be covered because the assertions will be posted to ACS/Callbacks via HTML.

This can likely be resolved through SAML Assertion via a rule: Customize SAML Assertions

Please let me know if this helps you in your quest or if you have any additional questions. Thanks!
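The two SAML points above, as an added Node.js example that is not part of the thread and is not Auth0 code: it shows how the HTTP-POST binding carries the response as a Base64 `SAMLResponse` name/value pair and how the SP side decodes it. The XML is a constructed, unsigned sample, and the attribute name `tenantCode` and value `ACME-01` are assumptions.

```javascript
// Added illustration of the SAML HTTP-POST binding; not Auth0 code.
// The XML is a constructed, unsigned sample. "tenantCode" and "ACME-01"
// are assumed names standing in for a constant, non-profile attribute.
const SAMPLE_RESPONSE_XML =
  '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' +
  '<saml:Assertion><saml:AttributeStatement>' +
  '<saml:Attribute Name="tenantCode">' +
  '<saml:AttributeValue>ACME-01</saml:AttributeValue>' +
  '</saml:Attribute>' +
  '</saml:AttributeStatement></saml:Assertion></samlp:Response>';

// IdP side: the binding carries the XML as Base64 in a form field named
// SAMLResponse, which the browser posts to the SP's ACS URL.
function buildPostBody(xml, relayState) {
  const params = new URLSearchParams();
  params.set('SAMLResponse', Buffer.from(xml, 'utf8').toString('base64'));
  if (relayState) params.set('RelayState', relayState);
  return params.toString(); // application/x-www-form-urlencoded body
}

// SP side: read the name/value pair and Base64-decode it.
function decodePostBody(body) {
  const encoded = new URLSearchParams(body).get('SAMLResponse');
  if (!encoded) throw new Error('SAMLResponse field missing');
  // Buffer.from() silently skips invalid characters, so check strictly first.
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(encoded)) {
    throw new Error('SAMLResponse is not valid Base64');
  }
  return Buffer.from(encoded, 'base64').toString('utf8');
}

// Pull one attribute value out for inspection. Illustration only: a real SP
// verifies the XML signature with a SAML library before trusting any value.
function readAttribute(xml, name) {
  const safe = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp(
    '<saml:Attribute Name="' + safe + '">\\s*<saml:AttributeValue>([^<]*)<');
  const match = re.exec(xml);
  return match ? match[1] : null;
}
```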
