
SSO does not go smoothly

sso
#1

Hi!
I have two applications, myapp.mydomain.com and myapp2.mydomain.com, with universal login. When a user logs in to myapp and then clicks on a link to myapp2, the universal login appears. This time without a password field - just last time you log in with email. So the user has to click the email field. I thought this universal login form should not appear at all when switching between apps. The form appears only once, but it is still annoying. Each app calls authorize() and stores the token in localStorage. Is there a way to get rid of the universal login form when switching apps?

Should I create new applications in the dashboard or just edit the existing app config?
#3

Based on your description, in particular the fact that you get a last time you… option, the most likely explanation is that your tenant does not have seamless SSO enabled, which would mean an immediate redirection.

Go to the Tenant Settings page in the Auth0 Dashboard, and click the Advanced tab. Scroll to the Log In Session Management section, locate Enable Seamless SSO, and enable the toggle.

You may not see the toggle I mention above, which in that case means you do not have a legacy tenant and as such the option is enabled by default. In that case we may need to troubleshoot the situation further, but the first step would be to check if you have the toggle and if it is enabled.

#4

I don’t have that SSO toggle, but I see in the config the line “sso_disabled”: false, and suppose that SSO was enabled by default.
By the way, SSO works on localhost when apps are running on different ports localhost:3100 and localhost:3300.

#5

Can you share an HTTP trace that includes all requests from visiting the first application until you get the unexpected last time you… option in the second application?

Be sure to redact any sensitive information like passwords and session cookies.

#6

Here is the stack trace for the auth0 request https://gist.github.com/mgdskr/05587e05aca451f505fb5e76973c1466 and this one is the stack for all requests https://gist.github.com/mgdskr/08581b82e03b88bb45ae86bb5bcad3c2

#7

From the sequence of requests I only see one request to /authorize when I would expect two (one for each app); however, from the client identifier included I can see that the associated tenant does not have the SSO tenant setting enabled.

Can you check again in the tenant advanced settings; you should be seeing the toggle I mentioned before. If possible share a screenshot of what you see in the advanced settings for the session management part.
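
An added example, not part of the thread: one way to prepare the HTTP trace requested in #5 before sharing it, and to check the point raised in #7 (one /authorize request per application). It assumes the trace was exported from the browser as a HAR file; the tenant host, client ID and cookie name in the sample are constructed placeholders.

```python
import copy
from urllib.parse import urlsplit, parse_qs

SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization"}
SENSITIVE_PARAMS = {"password", "access_token", "id_token", "refresh_token"}
REDACTED = "[REDACTED]"

def redact_har(har):
    """Return a copy of a HAR dict with cookies, auth headers and passwords masked."""
    har = copy.deepcopy(har)  # never modify the original capture
    for entry in har["log"]["entries"]:
        for msg in (entry["request"], entry["response"]):
            for header in msg.get("headers", []):
                if header["name"].lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
            for cookie in msg.get("cookies", []):
                cookie["value"] = REDACTED
        post = entry["request"].get("postData", {})
        for param in post.get("params", []):
            if param["name"].lower() in SENSITIVE_PARAMS:
                param["value"] = REDACTED
        if "text" in post:  # raw body repeats the form fields, so mask it whole
            post["text"] = REDACTED
    return har

def authorize_requests(har):
    """List (host, client_id) for every /authorize request, in trace order."""
    found = []
    for entry in har["log"]["entries"]:
        url = urlsplit(entry["request"]["url"])
        if url.path == "/authorize":
            client_id = parse_qs(url.query).get("client_id", ["?"])[0]
            found.append((url.netloc, client_id))
    return found

# Constructed sample trace (hypothetical tenant host, client ID and cookie).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://tenant.example.com/authorize?client_id=APP1_CLIENT_ID",
                 "headers": [{"name": "Cookie", "value": "session=s3cr3t"}],
                 "cookies": [{"name": "session", "value": "s3cr3t"}]},
     "response": {"headers": [{"name": "Set-Cookie", "value": "session=s3cr3t"}],
                  "cookies": [{"name": "session", "value": "s3cr3t"}]}},
    {"request": {"url": "https://tenant.example.com/login", "headers": [], "cookies": [],
                 "postData": {"text": "username=a&password=hunter2",
                              "params": [{"name": "password", "value": "hunter2"}]}},
     "response": {"headers": [], "cookies": []}},
]}}

if __name__ == "__main__":
    print(authorize_requests(redact_har(SAMPLE_HAR)))
```

Query strings and response bodies are left untouched, so review them for tokens before posting the trace publicly.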