Check if another SSO app is already signed in

I am following this official GitHub repo of the self-hosted embedded Sign-In Widget.

Everything is working fine except the SSO functionality.

I.e., when I am logged in to the Okta dashboard with, let’s say, UserA, and then open my app in another tab, it still asks me to sign up.

However, when I first sign up to my application, the Okta dashboard automatically signs in.

How do I check if there’s an active session going on and, if yes, bypass the signup?

I’ve seen related tickets here and couldn’t find any specific to my environment of .NET.

Also, preferably I would like to know the solution in a .NET controller (if possible).

Thanks

One reasonably simple option is to set the “Initiate Login URI” for the application in Okta (where Okta will redirect when the user clicks on the app tile in their dashboard) to a route (potentially one specifically designed for this use case) in your application that will immediately attempt to make the /authorize request.

This would be sort of similar to what is already in place to handle Login in the AccountController in that sample, except that there won’t be a sessionToken available to pass into the properties (as that sessionToken is returned by the Widget when users log in through the self-hosted login; you only need that if there is not an active Okta session).

2 Likes

Hey @andrea thanks for the reply.
I am asked to strictly perform this task in an MVC controller and not in the JS for some reasons.

Is it possible that I can somehow check if there is any cookie related to Okta in the browser and, if yes, check if it is active and, if yes, reuse it?

The problem I am facing here is that my app’s domain will be different (for now it is localhost) from Okta’s. And since I cannot read cookies from a different domain, it is impossible for me to check that.

I mean, at that point the user will only have an Okta session, but not an application session, so your application would still need to initiate the /authorize request to get an application session set. If you can get the app to make this /authorize redirect, then the Okta session will be validated on the Okta domain itself, so you won’t run into 3rd party cookie issues.
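The controller-side approach described in the replies above, as an added example that is not part of the original thread or of the Okta sample: an MVC action that serves as the "Initiate Login URI" and sends the /authorize request without a sessionToken. It assumes ASP.NET Core MVC with the OpenID Connect handler registered under its default scheme name; `SsoController`, the `/sso/start` route and the `returnUrl` parameter are hypothetical names.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller: register the absolute URL of /sso/start as the
// application's "Initiate Login URI" in Okta.
public class SsoController : Controller
{
    [HttpGet("/sso/start")]
    public IActionResult Start(string returnUrl = "/")
    {
        // Accept only redirects back into this application, so the SSO
        // entry point cannot be used as an open redirect.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
        {
            returnUrl = "/";
        }

        // An application session already exists: nothing to negotiate.
        if (User.Identity?.IsAuthenticated == true)
        {
            return LocalRedirect(returnUrl);
        }

        // No sessionToken is added to the properties. The browser is
        // redirected to Okta's /authorize endpoint, where the Okta session
        // cookie is evaluated on Okta's own domain, so the application never
        // needs to read a cross-domain cookie.
        var properties = new AuthenticationProperties
        {
            RedirectUri = returnUrl
        };

        // Assumption: the OIDC handler uses the default scheme name.
        return Challenge(properties, OpenIdConnectDefaults.AuthenticationScheme);
    }
}
```

The application session is only set after the handler processes the callback from Okta, so the action never treats the presence of an Okta session as authentication by itself.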