I don’t notice any redirects going on after login, but I doubt that they would redirect to every system requiring SSO after a user logs in. I can log into any part of New Relic’s website and Discourse is logged in automatically.
@rasheedamir I have not implemented anything; it’s not yet a priority, so I decided to put it in the back seat. If you do find a clean solution in your search, I would very much appreciate it if you could let me know how you did it.
So I am trying the following:
Client logs into my app via Auth0 authentication.
On successful authentication, an Auth0 rule kicks in and makes a callback to a page in my app which has a hidden iframe. This hidden iframe simply does a login to Discourse, so when the client clicks on the forum link he will already be logged in.
I am encountering a problem with the payload that is being sent to the Discourse SSO URL.
The “nonce” is invalid/timed out.
Since the login is not being initiated via Discourse, I am generating a nonce in my Auth0 rule and sending that back as part of the payload to the Discourse SSO URL.
I’m unclear on how the nonce works, so I would appreciate some assistance. Is there a way to disable the nonce check in Discourse? If not, what do I need to do to get this to work?
I imagine Discourse is rejecting the SSO login attempt because the nonce it received is one that it did not send in the first place.
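
As an added illustration of the nonce check discussed in this thread (not code from any poster or from Discourse itself), here is a simplified Ruby model of the SSO exchange: the forum issues the nonce, the identity provider echoes it back inside an HMAC-SHA256-signed Base64 payload, and the forum accepts each nonce only once. The `Forum` class, the helper names, the secret, the URL and the 600-second lifetime are assumptions made for the sketch.

```ruby
require 'openssl'
require 'securerandom'
require 'uri'

SECRET    = 'constructed-shared-secret' # constructed value, shared by both sides
NONCE_TTL = 600                         # seconds; assumed lifetime for this sketch

def sign(payload)
  OpenSSL::HMAC.hexdigest('sha256', SECRET, payload)
end

def pack_fields(fields)   # query string -> Base64 payload plus its signature
  sso = [URI.encode_www_form(fields)].pack('m0')
  { sso: sso, sig: sign(sso) }
end

def secure_eq(a, b)       # constant-time comparison of two signatures
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Forum side (simplified): issues nonces and remembers which are outstanding.
class Forum
  def initialize
    @issued = {}
  end

  def start_login(now = Time.now)
    nonce = SecureRandom.hex(16)
    @issued[nonce] = now + NONCE_TTL
    pack_fields(nonce: nonce, return_sso_url: 'https://forum.example/session/sso_login')
  end

  def finish_login(sso, sig, now = Time.now)
    return :bad_signature unless secure_eq(sign(sso), sig)
    nonce  = URI.decode_www_form(sso.unpack1('m')).to_h['nonce']
    expiry = @issued.delete(nonce)            # single use: a replay finds nothing
    return :unknown_nonce if expiry.nil?      # never issued by this forum
    now > expiry ? :expired_nonce : :ok
  end
end

# Identity-provider side: verify the request, then echo the forum's nonce.
def provider_response(sso, sig, user)
  raise ArgumentError, 'bad signature' unless secure_eq(sign(sso), sig)
  nonce = URI.decode_www_form(sso.unpack1('m')).to_h.fetch('nonce')
  pack_fields(user.merge(nonce: nonce))
end
```

In this model a correctly signed response whose nonce was generated by the provider returns `:unknown_nonce`, which is the protection against replayed or unsolicited login assertions that the nonce exists to provide.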