Single Sign-On Not working

Help
,
1

I have a web application built using Blazor Server on ASP.NET, with several collaborating applications providing different aspects of the full solution.

I am trying to use Auth0 SSO to handle authentication and allow the user to sign in just once and then navigate between the different apps seamlessly - exactly what I understand Auth0 is there to do.

So far I have added Auth0 SSO to two of the apps, and am trying to get them to share the authentication, but both seem to authenticate entirely independently.

Both are configured to the one Domain and Client ID that I have defined. The app is configured in Auth0 to use Username-Password-Authentication (Auth0’s database), and I’ve had to add each apps’ particular login and logout URLs to the ‘allowed’ lists - so each app works fine, but they work entirely independently.

I’ve trawled through the various documents linked to in the posts below, but am no closer to understanding what I am missing. Anyone have any pointers beyond the links covered in the below posts? Because I feel I need some other perspective here.

Posts reviewed so far…

https://community.auth0.com/t/single-sign-on-not-working/39389
https://community.auth0.com/t/automatic-login/16811?
https://community.auth0.com/t/switching-between-apps-auth0/20196
https://community.auth0.com/t/sign-into-two-different-apps-within-same-tenant/35846

2

Hmm. I might have found a fix for the issue - though I can’t say I understand why it works.

I had configured the two apps to use different ASP.NET Session cookies, as that seemed the logical thing to do. By changing them so they both use the same Session cookie, the SSO seems to work (though logging out of one app doesn’t log out of both; I recall reading that handling logout is a complex issue and I haven’t explored that in greater detail yet, so that’s fine).

So now I am wondering - is it a requirement of SSO that all apps use the same session cookie? That doesn’t seem right to me, but again I’m probably missing something.