I am new to SSO and trying to integrate SSO from App-B to App-A using OIDC federation, where:
- App-B uses Auth0 as its Identity Provider (IdP)
- App-A uses Amazon Cognito as its IdP
- Cognito is configured to federate with Auth0 as an external OIDC IdP
- The OIDC connection is working — the correct issuer URL, client ID, client secret, and endpoints from Auth0 are set in Cognito.
Issue:
- A user logs into App-B (app-b.com) using App-B’s custom login screen (not Auth0’s Universal Login).
- The user then clicks a link from App-B to access App-A (app-a.com).
- This triggers Cognito to redirect the user to Auth0 (the configured OIDC IdP).
- However, the user is then shown Auth0’s Universal Login screen (e.g. https://dev-rtzntglnlqlrabap.us.auth0.com/u/login), rather than being seamlessly redirected into App-A.
Expectation:
Since the user is already authenticated in App-B (which uses Auth0 behind the scenes), we expected the SSO flow to proceed without showing the Auth0 login screen again when redirecting to App-A via Cognito.
What We Suspect:
We understand that:
- App-B uses a custom login screen (app-b.com/login), not Auth0’s Universal Login.
- Therefore, no Auth0 session cookie is created.
- As a result, when Cognito redirects to Auth0 for login (e.g. https://dev-rtzntglnlqlrabap.us.auth0.com/u/login), Auth0 does not detect an existing session and prompts for credentials again.
Question:
How should I resolve the issue in this scenario to achieve SSO between App-B (Auth0) and App-A (Cognito), when:
- App-B uses a custom login screen (not Universal Login)
- We want users already logged in to App-B to seamlessly access App-A via the federated Auth0 → Cognito flow
We have little control over App-A’s Cognito, and we want to make the changes in App-B (Auth0) and its custom login screen.
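One way to confirm the suspicion above before changing anything: an OIDC authorization request with `prompt=none` succeeds only when the IdP already holds a session for the browser, and otherwise comes back with `error=login_required`. The helper below builds that request and classifies the redirect; it is an added example, not code from the original post, and the tenant URL, client ID and redirect URI in it are placeholders.

```python
"""Silent-authentication probe for an OIDC IdP such as Auth0 (added example).

Per OIDC Core 3.1.2.6, prompt=none must never render a login UI: the IdP
either returns a code (session present) or an error such as login_required
(no session cookie), which is the condition the question suspects.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def build_silent_auth_url(issuer, client_id, redirect_uri, state, nonce):
    """Authorization request that only succeeds if the IdP already has a session."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "prompt": "none",  # never prompt; fail with an error instead
        "state": state,    # bound to the browser session, checked on return
        "nonce": nonce,    # bound to the ID token later
    }
    return f"{issuer.rstrip('/')}/authorize?{urlencode(params)}"


def classify_callback(callback_url, expected_state):
    """Interpret the redirect the IdP sends back to redirect_uri."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != expected_state:
        return "state_mismatch"  # discard: not a response to our request
    if "code" in q:
        return "session_present"  # IdP session exists; SSO would be seamless
    err = q.get("error", [""])[0]
    if err in ("login_required", "interaction_required", "consent_required"):
        return "no_session"  # no IdP cookie; user would see the login screen
    return f"error:{err or 'unknown'}"


if __name__ == "__main__":
    st, nc = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    # Placeholder tenant, client and callback (constructed, not the poster's values)
    print(build_silent_auth_url("https://example-tenant.auth0.com",
                                "CLIENT_ID_PLACEHOLDER",
                                "https://app-b.example/silent-cb", st, nc))
```

Load the printed URL in a hidden iframe from the custom login page and pass the resulting callback URL to `classify_callback`; `no_session` means Auth0 has no cookie for that browser, which matches the behaviour described in the question.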