Overview
This article provides a potential cause for login sessions failing to persist, leading to Single Sign-On (SSO) failures.
Applies To
- Single Sign-On (SSO)
- Login session
- Authorization Request
Cause
The authorization call for this process is similar to the one below:
/authorize?client_id=...&scope=openid+profile+email+offline_access&redirect_uri=...app2.test.com&audience=h...&prompt=login&login_hint=&cookieDomain=.test.com&response_type=code&response_mode=query&state=...&code_challenge=...&code_challenge_method=...&auth0Client=...
The parameter prompt=login in the authorization request causes this behavior. Its primary purpose is to force the user to re-authenticate, even if they have an active session with the authorization server.
Solution
To allow user sessions to persist between logins, remove the prompt=login parameter from the authorization request.
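To check whether an application's authorization request carries this parameter, the following added example (not code from the original article) parses a request and returns it with the login directive removed. The helper name `stripForcedLogin`, the host `tenant.example.com` and the placeholder parameter values are assumptions made for illustration.

```javascript
// Added example. SAMPLE_URL is constructed: the host, client_id and state
// values are placeholders, not values from the article.
const SAMPLE_URL =
  'https://tenant.example.com/authorize?client_id=CLIENT_ID_PLACEHOLDER' +
  '&scope=openid+profile+email+offline_access' +
  '&redirect_uri=https%3A%2F%2Fapp2.test.com%2Fcallback' +
  '&prompt=login&response_type=code&response_mode=query' +
  '&state=STATE_PLACEHOLDER';

// Hypothetical helper: reports whether an authorization request forces
// re-authentication and returns the request with that directive removed.
function stripForcedLogin(authorizeUrl) {
  const url = new URL(authorizeUrl);
  const raw = url.searchParams.get('prompt');

  // OpenID Connect defines prompt as a space-delimited, case-sensitive list
  // (for example "login consent"), so compare tokens, not the whole string.
  const tokens = raw === null ? [] : raw.split(/\s+/).filter(Boolean);
  const kept = tokens.filter((t) => t !== 'login');

  if (kept.length === tokens.length) {
    // No login directive present: return the request untouched.
    return { forcedLogin: false, prompt: raw, url: authorizeUrl };
  }

  if (kept.length > 0) {
    url.searchParams.set('prompt', kept.join(' ')); // keep e.g. "consent"
  } else {
    url.searchParams.delete('prompt'); // nothing left, drop the parameter
  }
  return {
    forcedLogin: true,
    prompt: kept.length > 0 ? kept.join(' ') : null,
    url: url.toString(),
  };
}

const result = stripForcedLogin(SAMPLE_URL);
console.log('prompt=login present:', result.forcedLogin);
console.log('corrected request:', result.url);
```

The remaining parameters, including state and redirect_uri, are carried over unchanged, so the corrected request can be compared with the original one parameter by parameter.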