Signing and Signing out issue with Single Sign On on Application A (OpenId Connect method) and Application B (SAML method)

Hello,
We have 2 applications using the SSO from OKTA.

Application A signs the user in using the Sign-In Widget and the OKTA.ASPNet middleware via the OpenID Connect method.

Application B (Sisense) uses SAML to sign the user in.

We are trying to establish SSO between these 2 applications and are having some issues, as explained below.

Question (Issue) 1:
When I sign in to Application A, it automatically signs the user in to Application B, but vice versa doesn’t work. When I sign in to Application B, it does not sign me in to Application A. Can you please advise on this?

Question (Issue) 2:
When I sign out from either of the applications, it actually signs out of the application in which we clicked the sign out button, but it does not sign out of the other application. The session is still active on the other application. FYI, we are using this information and following everything mentioned in this link: https://developer.okta.com/docs/guides/sign-users-out/aspnet/sign-out-of-okta/

But the sign out event is still not signing out from all the applications.

Can you please advise on these above 2 issues?

Thank you in advance for your time and consideration.

Regards,
Jaynish Patel

Hi @jaynishp

When I sign in to Application A, it automatically signs the user in to Application B, but vice versa doesn’t work. When I sign in to Application B, it does not sign me in to Application A. Can you please advise on this?
Based on the environment described, Application A requires Okta to send an authorization code flow in order to authenticate the user. You can check through CORS if the user is authenticated in your Okta org (e.g. by doing a request to /api/v1/users/me and checking for “id” in the response body) and, if yes, redirect him to the authorization endpoint in Okta. This will offer the possibility for the user to authenticate automatically in Application A if he has already logged in to Okta and to Application B.

When I sign out from either of the applications, it actually signs out of the application in which we clicked the sign out button, but it does not sign out of the other application. The session is still active on the other application. FYI, we are using this information and following everything mentioned in this link: https://developer.okta.com/docs/guides/sign-users-out/aspnet/sign-out-of-okta/
To achieve this use case, you need to log out the user from one of the applications and then log the user out from Okta. When the user accesses the other application, you need to check if a session is present in Okta (same as above) and, if not, clear the session in the application.
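
The session check described in this reply, sketched as browser-side JavaScript for Application A. This is an added example, not code from the thread or from Okta: the org URL and the two `/Account/...` routes are hypothetical placeholders, and the page is assumed to know whether Application A currently has its own session.

```javascript
// Added example; OKTA_ORG and both /Account/... routes are hypothetical placeholders.
const OKTA_ORG = "https://example.okta.com";

// True only for a 2xx /api/v1/users/me response whose JSON body carries an "id".
function isOktaSessionResponse(status, body) {
  return status >= 200 && status < 300 &&
    body !== null && typeof body === "object" &&
    typeof body.id === "string" && body.id.length > 0;
}

// CORS request with the Okta session cookie attached. The app's origin must be
// allowed for CORS in the Okta org, otherwise the browser blocks the response.
async function hasOktaSession(fetchImpl = fetch) {
  try {
    const res = await fetchImpl(`${OKTA_ORG}/api/v1/users/me`, {
      credentials: "include",
      headers: { Accept: "application/json" },
    });
    const body = await res.json().catch(() => null);
    return isOktaSessionResponse(res.status, body);
  } catch (_err) {
    return false; // fail closed: an unreachable Okta is never treated as "signed in"
  }
}

// Compare Okta's view with the application's own session state.
function decideAction(oktaSession, appSession) {
  if (oktaSession && !appSession) return "start-oidc-login";  // issue 1
  if (!oktaSession && appSession) return "clear-app-session"; // issue 2
  return "none";
}

// Assumed server actions: one issues the OIDC challenge (redirect to the
// authorization endpoint), the other drops only the local application cookie.
const ROUTES = {
  "start-oidc-login": "/Account/SsoChallenge",
  "clear-app-session": "/Account/LocalSignOut",
};

// navigate is supplied by the caller, e.g. (url) => window.location.assign(url).
async function syncWithOkta(appSession, navigate, fetchImpl = fetch) {
  const action = decideAction(await hasOktaSession(fetchImpl), appSession);
  if (action !== "none") navigate(ROUTES[action]);
  return action;
}
```

Because a failed or blocked request counts as "no session", a CORS misconfiguration shows up as users being signed out of Application A rather than being left signed in after an Okta logout.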

Hello,
We are trying to sign the user out of the application, and it should sign that user out of all the applications.
To implement this we referred to this link: https://developer.okta.com/docs/guides/sign-users-out/aspnet/sign-out-of-okta/
We are using the OKTA.AspNet middleware with the Sign-In Widget in order to log the user in on our self-hosted login page.

Please review the code below for your detailed understanding of the issue:

Code for Sign In in the Controller:

    public ActionResult Login(FormCollection form)
    {
        if (!HttpContext.User.Identity.IsAuthenticated)
        {
            // Hand the session token posted by the Sign-In Widget to the Okta middleware.
            var properties = new AuthenticationProperties();
            properties.Dictionary.Add("sessionToken", form.Get("sessionToken"));
            properties.RedirectUri = "/Member/Locations";

            // Start the OpenID Connect challenge handled by the Okta middleware.
            HttpContext.GetOwinContext().Authentication.Challenge(properties,
                OktaDefaults.MvcAuthenticationType);

            return new HttpUnauthorizedResult();
        }

        // Already authenticated: no challenge needed.
        return RedirectToAction("Index", "Home");
    }

Login View where we have added Sign In Widget:

This is our code for Sign out:

    {
        if (HttpContext.User.Identity.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.SignOut(
                CookieAuthenticationDefaults.AuthenticationType,
                OktaDefaults.MvcAuthenticationType);
        }

        return RedirectToAction("Login", "Account");
    }

Can you please advise on why this is not working?
As per the details on the above link, this should sign out of all the applications where the user is active.

Thank you,
Jaynish