How to implement SSO?

[edmundday]

Can someone point me in the direction of how to get single sign on to work?
I have created a clone of simple-web-app and created clients for both. But both require me to login using their respective clients.

I thought the whole point of this was SSO. What am I missing?

TIA!

[kabiliravi]

@edmundday You can find the same feature in this project, just make sure you understand this flows and the sequence of calls.
https://auth0.com/blog/what-is-and-how-does-single-sign-on-work/

There is a course in pluralsight you can take:
https://www.pluralsight.com/courses/oauth2-json-web-tokens-openid-connect-introduction

Unless you do not learn the whole idea behind Open ID Connect and OAuth2, you cannot apply it in your project in the right way.

[jricher]

It depends on what you mean by "single sign on". What OIDC does is allow to use the authentication from one system (the IdP) at another system (the RP) to log in. More or less it says if you've logged into the IDP then you can log into the RP. The OIDC protocol doesn't say how you log into the IdP (MITREid Connect defaults to a username/password), nor does it say if the RP requires any additional interaction to do things like select an IdP (which is the default mode of the simple-web-app demonstration application). If you want a smoother experience, you can do things like configure the client library used by simple-web-app to always point to the same IdP instead of prompting the user to discover it.