SSO experience between token based and cookie based application
Currently I have two applications with broken sso experience. Below is scenario :
Application 1 is Single Page Application, that uses Azure AD as an authorization end point and OAuth 2.0 implicit authorization grant to secure its web API back end (in short I refer this as Azure AD token base authentication) Almost similar to below flow :
Application 2 is a web application that uses OpenIDConnectAuthentication middleware in tandem with CookieAuthenticationMiddleWare and uses same Azure AD as authorization end point(in short I refer this as Azure AD cookie based authentication) Almost similar to below flow :
Is this broken SSO experience between application with token base authentication and application with cookie base authentication is expected ?
I accept I could have debugged and checked why and what before posting, but just wanted to see if its known issue before I go ahead with local code set up and all.
This is probably the best Azure Sample for achieving the experience you are looking for: https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
You should not be prompted to enter the username and password a second time. At most you may have to click a second time to sign in but even that can be configured within the code. Here's a video my colleague and I made demonstrating how to set up this experience with two web apps using the Azure sample. Based on your description, this seems to be what you are looking to achieve.
- REST API service when called from azure APIM returning empty response body with Status code 200
- Need help getting Azure AD B2C SSO with Azure AD
- Unable to get all users from Microsoft Graph using Python SDK
- Azure AD, AuthenticationTicket Claims
- How to resolve 'invalid hostname for this tenancy' error when accessing Microsoft Graph API for multi-tenant app registration?
- How to get a list of users from azure graph API
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Integration of SSO using MSAL in Angular project gets 401 returned error after login
- Azure Active Directory passing empty GUID for tenantId with default template
- Sign in to Azure Account from VS Code
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- Get all user properties from Microsoft graph
- ASP.NET Azure AD / Entra Authentication - App roles in token, but not being assigned to principal
- How to do azure single sign on with next.js 14 and App Router
- Azure ClientCertificateCredential - Using SNI
- Entra ID Schema Extension with custom Namespace
- MSAL Node service & The Partner Center API
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- is it posible to access Azure App Configuration via URL or conected some how as enviroment setting of App Service?
- Generate token fails for Azure app which is both client and API (client credentials workflow)
- Pulling "On-premises last sync date time" Azure user property using PowerShell
- Authenticating to Sharepoint Online Site via React SPA in MS Teams personal Tab
- Login failed for user '<token-identified principal>' while authorizing to SQL Server via Service Principal from AAD group assigned
- MSAL library fails to parse token in Chromium based browsers
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure B2C IdP-Access Token fails with IDX10511: Signature validation failed
- EntraID: how to pass application roles downstream
- During signIn receiving B2C error code ‘AADB2C99059’
- How can I read local MS Teams status
- How to find the tenant where a multi-tenant AAD application was registered