Hoping the community can offer some recommendations for an SSO scenario we are being asked to offer to a client of ours. As a disclaimer, I realize this scenario is not best practice in any form; our first approach is to request that said client integrate with a true identity provider. However, assume that is not possible…
Using Auth0, what would be the best way to handle the following:
Our SaaS product uses Auth0 and we’ve done many integrations with both social and enterprise identity providers (Google, WAAD, Azure B2C, etc.). This all works great and is all handled in the Auth0 space using hooks, rules, social connections, etc. We have a new client that uses ASP.NET membership in their “portal”, from which they’d like to provide an SSO link into our system without having to change their authentication process.
What has been suggested is an agreed-upon HMAC that we could “handle” and SSO the user into our system, provided all other HMAC criteria are valid. What I am struggling with is what combination of Auth0 “integrations/hooks/rules/connections” could best facilitate this without having to stand up some sort of one-off route in our system that could validate the HMAC, create the user in Auth0, acquire the token and redirect them in with valid claims.
I look forward to, and appreciate, any suggestions the community may have. Part of me feels like I’m missing the obvious here.
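
The checks a receiver would need to apply to such an HMAC-signed link before trusting it, as an added example that is not part of the original post and not Auth0 or ASP.NET code. The query parameter names (`uid`, `email`, `ts`, `nonce`, `sig`), the newline-joined canonical string, and the 5-minute validity window are all assumptions made for illustration.

```javascript
// Added example: receiver-side checks for an HMAC-signed SSO link.
// Field names, canonical layout and the 5-minute window are assumptions.
const crypto = require("node:crypto");

const MAX_SKEW_MS = 5 * 60 * 1000;
const FIELDS = ["uid", "email", "ts", "nonce"];

// Both sides must build this string identically before signing.
function canonical(p) {
  return FIELDS.map((k) => p[k]).join("\n");
}

function sign(p, secret) {
  return crypto.createHmac("sha256", secret).update(canonical(p)).digest("hex");
}

// Portal side: build the link (used here to produce constructed sample input).
function buildSsoLink(base, user, secret, now = Date.now()) {
  const p = { ...user, ts: String(now), nonce: crypto.randomBytes(16).toString("hex") };
  return `${base}?${new URLSearchParams({ ...p, sig: sign(p, secret) })}`;
}

// Receiver side. seenNonces is a Set here; a shared store with a TTL in practice.
function verifySsoLink(url, secret, seenNonces, now = Date.now()) {
  const q = new URL(url).searchParams;
  const p = Object.fromEntries([...FIELDS, "sig"].map((k) => [k, q.get(k)]));
  if (Object.values(p).some((v) => !v)) return { ok: false, reason: "missing_field" };
  // A newline inside a field would make the "\n"-joined string ambiguous.
  if (FIELDS.some((k) => p[k].includes("\n"))) return { ok: false, reason: "bad_field" };
  const expected = Buffer.from(sign(p, secret), "hex");
  const given = Buffer.from(p.sig, "hex");
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad_signature" };
  }
  const ts = Number(p.ts);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) {
    return { ok: false, reason: "expired" };
  }
  if (seenNonces.has(p.nonce)) return { ok: false, reason: "replayed" };
  seenNonces.add(p.nonce);
  return { ok: true, user: { uid: p.uid, email: p.email } };
}
```

The signature is verified before the timestamp or nonce is acted on, so unauthenticated requests cannot fill the nonce store.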