I created a support ticket with Okta but I thought I would ask the community for some advice as well. I have taken 2 Okta sample applications and done some testing around SSO because I was having trouble implementing SSO in my own application. Let’s say we have 2 simple .NET Core apps, both using the Okta hosted login page.
- Launch both apps. Open up app #1.
- Click login, get sent to Okta login page
- Log in, get sent back to app
- Go to the other app, click login
- Get sent to Okta login page. Okta sees you are already authenticated and then sends you back to app #2.
- Once back at app #2, this fails:
HttpContext.User.Identity.IsAuthenticated
So, a challenge is issued, which sends you back to the Okta login page… which thinks you are logged in and sends you back… thus starting a never-ending loop.
I found this very odd so I started doing some digging and decided to start over again but instead use 2 projects that both used the Okta.AspNetCore package (before, one was using that and one was using the OpenIdConnect library built into .NET). Now I don’t have the problem from before, but instead what happens is any time you log in to one app, it logs you out of the other app - which is so strange.
So ultimately I have 2 questions:
- Has anyone seen this behavior before and, if so, were you able to fix it?
- How would one go about building SSO if I wanted to do a self-hosted login?