Is there any session token from Okta SAML IDP service that can be reused to log in from a different app?


In our case, we have two completely different web apps running on two different domains and platforms, say app X (which also acts as SAML Service Provider) and app Y. In app X’s login page, the user can choose Okta as SAML SSO service provider, which in turn will redirect him to Okta for credential authentication. Then app X will receive the SAML Response to verify the assertion and let the user log in to app X.

Now in app X, the already logged-in user can click another link to app Y. The click triggers an HTTP GET request to app Y along with an HTTP parameter that contains a token (the token was supposed to be received from Okta along with either the SAML Assertion received by app X OR app X can make any request to Okta to get a special token after receiving the SAML Assertion through some other API exposed by Okta). Now app Y should use that token to verify with Okta via some custom Okta API service or any other mechanism provided by SAML (that I am not positive).

Is this doable? If so, someone please guide me in the right direction.