The configuration for the SSO ticket use case is based on the use cases for weak-app and strong-app, but it requires additional configuration.
- The SSO ticket needs to be configured.
- The strong authentication flow needs to be flexible to handle both authentication scenarios, with and without SSO ticket.
- Resource endpoint configuration (SSO ticket)
  - Go to: Loginapp >> OAuth 2.0/OpenID Connect AS Settings >> Authorization Servers >> {{AS-Id}} >> Resource Endpoint
  - Create and edit an OAuth 2.0 Resource plugin with:
    - Resource Name – a name used in the URL to access the resource.
    - Resource Providers – create and edit an OAuth 2.0 SSO Ticket Resource plugin.
    - Optionally configure Resource Scopes to limit access.
  - The resource endpoint will return SSO tickets.
- login_hint configuration
  - Go to: Loginapp >> OAuth 2.0/OpenID Connect AS Settings >> Authorization Servers >> {{AS-Id}} >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code / Hybrid Flow
  - In the section Flow Settings, configure an OIDC SSO Ticket Login Hint Flow Settings plugin in the Login Hint parameter.
- SSO ticket processing in the authentication flow
  - Go to: Loginapp >> Applications and Authentication >> Applications >> {{Target Application}} >> Authentication Flow
  - Replace the initial Username Password Authentication Step with a selection:
    - Selection Option 1 – configure an SSO Ticket Authentication Step with a Request has SSO Ticket condition.
    - Selection Option 2 – configure the Username Password Authentication Step with a Logical NOT of Request has SSO Ticket condition.
  - This configuration determines the correct authentication method without user interaction.