ajax - CORS and LTPA token from local domain


I'm struggling with a CORS and SSO configuration between 2 servers using LTPA key share.

CORS calls from server1 (domain1) to server2 (domain2) work fine if I don't have authentication on server2 (meaning the cross-domain AJAX call works), but they don't if I have it.

The context is: a web client logs in to domain1, and one part of the UI needs to display data coming from server 2 (domain2). Server 1 and server 2 share the same LTPA key and the same realm. This works fine; I can make manual calls (with curl, for example) to domain2 using the LtpaToken2 that the web client obtained from domain1.

The problem is: when I make the CORS call from the web client, I use withCredentials true, but withCredentials includes the cookies of the remote domain, and of course I have no cookie yet since the browser does not know domain2 yet. I need to include the LtpaToken2 cookie from the local domain (domain1) when doing the cross-domain AJAX call to domain2. That way I would be authenticated. Because of the cookie cross-domain policy, I'm stuck.

Am I approaching the problem in the wrong way here? How do I handle that: doing a CORS call to a yet unknown domain using the LtpaToken from the local domain?

Thank you for your help!
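
The cookie scoping described in the question, as an added example that is not part of the original post: a sketch of RFC 6265 cookie selection for a credentialed cross-origin XHR. The host names, the cookie jars and the `cookiesFor`/`demo` helpers are constructed for illustration; Path=/ and SameSite=None are assumed.

```javascript
// Added illustration, not code from the original post. Host names and the
// cookie jar are constructed; Path=/ and SameSite=None are assumed throughout.

// RFC 6265 section 5.1.3 domain-match: the hosts are identical, or the request
// host ends with "." + cookie domain (IP-address hosts never suffix-match).
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === dom) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + dom);
}

// Names of the cookies a browser would attach to an XHR for `url` issued by a
// page at `pageOrigin`. Host-only cookies (set without a Domain attribute)
// require an exact host match.
function cookiesFor(jar, url, pageOrigin, withCredentials) {
  const target = new URL(url);
  if (target.origin !== pageOrigin && !withCredentials) return [];
  const host = target.hostname.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? host === c.domain.toLowerCase()
                             : domainMatch(host, c.domain)))
    .filter(c => !c.secure || target.protocol === 'https:')
    .map(c => c.name);
}

function demo() {
  const page = 'https://app.domain1.example';
  // Case 1: server1 set LtpaToken2 as a host-only cookie.
  const hostOnlyJar = [{ name: 'LtpaToken2', domain: 'app.domain1.example',
                         hostOnly: true, secure: true }];
  // Case 2 (contrast): both servers sit under one parent domain and the
  // cookie carries a Domain attribute for that parent.
  const parentJar = [{ name: 'LtpaToken2', domain: 'corp.example',
                       hostOnly: false, secure: true }];
  return {
    sameOrigin: cookiesFor(hostOnlyJar, page + '/ui', page, false),
    crossSite: cookiesFor(hostOnlyJar, 'https://api.domain2.example/data', page, true),
    sharedParent: cookiesFor(parentJar, 'https://api.corp.example/data',
                             'https://app.corp.example', true),
  };
}

console.log(demo());
```

With `withCredentials` set, the jar is still filtered by the target host, so the cookie issued for domain1 is never selected for a request to domain2.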

