The configuration for the SSO ticket use case is based on the use cases for weak-app and strong-app, but it requires additional configuration.
- The SSO ticket needs to be configured.
- The strong authentication flow needs to be flexible enough to handle both authentication scenarios, with and without an SSO ticket.
- Resource endpoint configuration (SSO ticket)
  - Go to: Loginapp >> OAuth 2.0/OpenID Connect AS Settings >> Authorization Servers >> {{AS-Id}} >> Resource Endpoint
  - Create and edit an OAuth 2.0 Resource (AS-centric) plugin with:
    - Resource Name: A name that will be used in the URL to access the resource.
    - Resource Providers: Create and edit an OAuth 2.0 SSO Ticket Resource (AS-centric) plugin.
    - Optionally configure Resource Scopes to limit access.
  - The resource endpoint will return sso-tickets.
- login_hint configuration
  - Go to: Loginapp >> OAuth 2.0/OpenID Connect AS Settings >> Authorization Servers >> {{AS-Id}} >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code Flow
  - In the section Flow Settings, configure an OIDC SSO Ticket Login Hint Flow Settings plugin in the Login Hint parameter.
- SSO ticket processing in the authentication flow
  - Go to: Loginapp >> Authentication Flows >> Applications >> {{Target Application}} >> Authentication Flow
  - Replace the initial Username Password Authentication Step with a Selection:
    - Selection Option 1: Configure an SSO Ticket Authentication Step with a Request has SSO Ticket condition.
    - Selection Option 2: Configure the Username Password Authentication Step with a Logical NOT of the Request has SSO Ticket condition.
  - This configuration determines the correct authentication method without user interaction.