Resource Owner Password Credentials flow - SSO

By: Carl Buxbaum user 08 Jan 2016 at 12:54 p.m. CST

3 Responses
Carl Buxbaum gravatar
Hi, somehow I do not think this is possible, but wanted to ask regardless: I have been informed that at this point our simple requirement is to have our applications collect credential information and pass it to the authentication server to get a token. I determined that Resource Owner Password Credentials flow, while not advised, as it passes credentials over the wire and defeats the purpose of openid connect/jwt, is what I need. I have implemented a proof of concept for this, and have begun to wonder about doing SSO within this framework. Is there any way to take the token that I receive from the gluu server, and redirect to the server, such that the token is parsed and a the user validated without a further challenge? That way, the cookie from the auth server will be written into the browser, and can be used for SSO. Thanks, Carl
None
closed

Answers

By Michael Schwartz Account Admin 08 Jan 2016 at 1:02 p.m. CST

Copy
Michael Schwartz gravatar
Did you see this page: on [OAuth2 Grants](http://www.gluu.org/docs//admin-guide/openid-connect/oauth2grants/)

By Carl Buxbaum user 08 Jan 2016 at 1:12 p.m. CST

Copy
Carl Buxbaum gravatar
Yes, I saw, and implemented. Thanks. The thing is when I login this way, the browser never visits the auth server, and thus does not get a cookie. So there is no SSO. I was wondering if there was some susequent redirect that I could use, with the access token, that would allow the user to get the SSO cookie without being challenged on the auth screen.

By Michael Schwartz Account Admin 08 Jan 2016 at 4:30 p.m. CST

Copy
Michael Schwartz gravatar
No, I don't think so. The access token only allows you to retrieve user_info. To establish the SSO session in the browser, I think you'll need to use authorization code flow. Have you looked at oxd? [Wiki Page](http://ox.gluu.org/doku.php?id=oxd:rp) [rpm](http://repo.gluu.org/centos/testing/gluu-oxd-server-3.0.5-SNAPSHOT~1.el6.noarch.rpm) [deb](http://repo.gluu.org/ubuntu/pool/main/trusty-devel/gluu-oxd-server_3.0.5-SNAPSHOT-3_all.deb) [Java Library](https://github.com/GluuFederation/oxd/tree/master/oxd-client) [Python Library](https://github.com/GluuFederation/oxd-python) [PHP Library](https://github.com/GluuFederation/oxd-php)

Post an answer