Cross Browser SSO?
cantor.2 at osu.edu
Thu May 9 19:29:56 EDT 2019
On 5/9/19, 4:59 AM, "users on behalf of Harald Strack" <users-bounces at shibboleth.net on behalf of hstrack at ssystems.de> wrote:
> Voila, SSO accomplished. What do you think? Would this be a decent
> working architecture or should we avoid such a solution?
I think you should avoid trying to invent a protocol. Throwing bearer tokens around is a good way to end up with a serious security problem. If you want a better experience, I'd look at something like U2F or WebAuthn with more well-understood security properties.