Universal login implementation with multiple domains

I’m just going through the Auth0 universal login(Universal login - SSO between multiple apps - Auth0) page. It has this image that two web applications (www.acme.sport and www.acme.media). That two web applications are login the users by a single login page(accounts.acme.com). This is the requirement I want to add my project. I’ve gone through much auth0 documentation but I’m not able to to find any example related to the above requirement. Please Can anyone tell me how to implement that or point me in some direction?

Thank you!

Hi @tharindukw96,

By default, the Universal login page would be hosted on a site like https://<YOUR_TENANT>..auth0.com/

You can change this by configuring a Custom Domain to allow you to host the universal login page on a subdomain of your own domain.

e.g. for the domain acme.com, you could have account.acme.com.

This universal login page can be used for all of the applications you configure, you just need to begin an /authorize call with a “redirect_uri” back to the app being logged into so the user is sent back to the right place after authentication.

Please see here for some more information on the various authentication flows available: Authentication and Authorization Flows

Hello @sgo,

Thank you very much for the details.

I’ve created a tenant with two applications (Without a custom domain for universal login). I configured my two PHP applications by following this doc page. I require to configure the single sign-on between my two PHP applications. I’m quite confused because the users can log in to the applications seperately. Auth0 is not identify the current login user from the other application. When I checked the networks there was a 404 for ssoData.

Request URL:https://papacambridge.eu.auth0.com/user/ssodata
Request Method :GET
Status Code: 404

Did I go through the correct configuration or I need to add a parameter for enabling SSO to Auth0 SDK?

Thank You!

The ssoData is a legacy response still in use by some older Auth0 tenants, by default all tenants now use ‘Seamless SSO’. You can ignore the 404 for that endpoint.
Seamless SSO means that no prompt is shown to the user if they already have a valid session (and they presented their auth0 session cookies in the authorize request).

So you should be finding that if a user has already logged into one PHP app, when they attempt to login on the second app on the same tenant, it would direct them to Auth0, and then be immediately redirected back as they already have a session, without needing the user to enter their credentials again.

If you are seeing differently, your browsers may be stripping the Auth0 cookies required to allow the SSO to work, if the cookies are seen as 3rd party. Setting up a custom domain on your tenant should stop the cookies from being treated as 3rd party by the browser and allow them through however. You could also test this by enabling 3rd party cookies on your browser to check it works.

2 Likes

Hi,

I have similar setup 2 apps (different domains), same tenant, custom domain, SSO enabled.
If I login in one app then I have to login in the app as well. They are not sharing same login information.

Please advise.

The problem for me was:

I was using prompt=login option for loginWithRedirect.
This will always show the login prompt even if there is a valid session on the server.
Just removed prompt=login option and it works now.

Hope this helps to anyone else

Hi @sukru.avcuoglu

Welcome to the Auth0 Community!

Thank you for the update on the solution to your issue and for sharing knowledge across the community!

Dawid

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.