Session management with SAML authentication

I am using the OneLogin library for SSO with Okta using SAML.
My question is how is session managed in such cases?
Mine is a legacy app and currently relies on app sessions.


When a user logs into your app via SSO, the identity provider creates a session for the user and provides your app with a SAML assertion that includes information about the user and their authentication status. Your app can use this information to create a local session for the user if needed (it sounds like that is what you are doing).

I haven’t used the OneLogin SDK before, but to find information about Okta SDKs, you can visit the Okta Developer website. There, you will find comprehensive documentation, guides, and resources to help you get started.

Thanks @adam_okta
Yes, that’s what I have implemented, keeping a local session.

Now, when the Okta session is terminated before my local session, how is that conveyed to the application? Currently my application has no way to know.

Another observation I had was that when I go to Okta at every request, after a couple of minutes, session affinity breaks on my app. I would expect it to break from the get-go, but for the first few requests I can see that they have the same session ID.
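
The local-session approach discussed in this thread, sketched as an added example (not code from any poster, from Okta, or from the OneLogin toolkit): it caps the local session at the assertion's optional `SessionNotOnOrAfter` and keeps `SessionIndex` so a later SAML logout request can be matched to the session. The sample assertion, `LOCAL_MAX_AGE` and the function names are assumptions, and the assertion is assumed to have already passed signature validation in the SAML library.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
LOCAL_MAX_AGE = timedelta(hours=8)  # hypothetical local session policy

# Constructed sample assertion fragment (not real IdP output).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1">
  <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:00:00Z"
                       SessionIndex="_constructed-session-1"
                       SessionNotOnOrAfter="2024-01-01T11:00:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T11:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def build_local_session(assertion_xml, now):
    """Derive local session fields from an already-validated assertion."""
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml:AuthnStatement", NS)
    if stmt is None:
        raise ValueError("assertion has no AuthnStatement")
    expires = now + LOCAL_MAX_AGE
    idp_limit = stmt.get("SessionNotOnOrAfter")  # optional in SAML 2.0
    if idp_limit is not None:
        # Never let the local session outlive the bound the IdP stated.
        expires = min(expires, parse_instant(idp_limit))
    if expires <= now:
        raise ValueError("IdP session bound has already passed")
    return {
        "name_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        # Stored so a later LogoutRequest can be matched to this session.
        "session_index": stmt.get("SessionIndex"),
        "expires_at": expires,
    }


def is_active(session, now):
    """True while the local session is inside its computed lifetime."""
    return now < session["expires_at"]
```

When the assertion carries no `SessionNotOnOrAfter`, only the local policy applies, so the application still needs its own timeout or a fresh authentication request to bound the session.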