I am currently working on an SSO project. Like Google, we have accounts.domain.com as the SSO server, and we have three applications hosted on three different servers (application1.com, application2.com, application3.com).
Whenever the user wants to log in from one of those three applications, the user is redirected to the SSO server. If the login credentials supplied by the user are correct, the SSO server generates a JWT access token. Now the generated token has to be attached to the response header for the application the user requested, and then the user is redirected to the requested application along with "Authorization: Bearer $token".
I am currently facing a problem in attaching the generated token to the response header. I am currently using the Slim 3 framework along with lcobucci/jwt for the JWT token.
My code:
// inside a Slim 3 route callback, after the credential check; $token holds the JWT from lcobucci/jwt
$username = "Test";
// attach the token to the response that carries the redirect
$newResponse = $response->withHeader('Authorization', "Bearer $token");
// redirect the browser to the requesting application
return $newResponse->withRedirect("http://application1.com/$username", 301);
When I debug the response header on accounts.domain.com, the Authorization header seems to be set. But on the other end (application1.com) the Authorization header is not received.
Screenshots (captions only, images not included):
- Initial request from application1.com
- SSO domain redirect to grab the cookie
- Validate the session by the grabbed cookie and attach the Auth header
- Authentication success, but no Authorization header received
My doubt is whether the problem is because of the server configuration (Apache 2) in the .htaccess file, or whether my implementation itself is wrong.
Guide me to fix this error.
Environment details:
- Server : Apache 2
- Framework : Slim 3
- JWT : lcobucci/jwt package
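As an added illustration (not the asker's code): a browser never forwards response headers from a 3xx redirect to the target URL, so an Authorization header set on the redirect is consumed by the browser and lost before application1.com sees a request. The usual pattern is to carry a short-lived, single-use code in the redirect and let the application redeem it, then bind the JWT to its own origin. This example assumes Slim 3 routes on both hosts, a shared server-side store ($store with set/get/delete, e.g. Redis) reachable by both, and issueJwt()/verifyJwt() helpers you implement with lcobucci/jwt.

```php
<?php
// Assumptions: $store (shared key/value store with set($k,$v,$ttl), get($k), delete($k)),
// issueJwt($username) and verifyJwt($token) built on lcobucci/jwt are provided by you.

// --- accounts.domain.com: after the credentials check out ---
$app->post('/login', function ($request, $response) use ($store) {
    $username = 'Test';                         // constructed: the authenticated user
    $token = issueJwt($username);               // assumed helper (lcobucci/jwt)
    $code  = bin2hex(random_bytes(32));         // unguessable, single-use handle
    $store->set("sso:code:$code", $token, 60);  // valid for 60 s only
    // 302 rather than 301: a cached 301 would replay a stale redirect for the next user.
    return $response->withRedirect(
        'https://application1.com/sso/callback?code=' . urlencode($code), 302);
});

// --- application1.com: the only place that ever receives the JWT ---
$app->get('/sso/callback', function ($request, $response) use ($store) {
    $code = (string) $request->getQueryParam('code', '');
    if (!preg_match('/^[0-9a-f]{64}$/', $code)) {
        return $response->withStatus(400);      // malformed code, reject early
    }
    $token = $store->get("sso:code:$code");
    $store->delete("sso:code:$code");           // one-time use, even on failure
    if ($token === null || !verifyJwt($token)) {
        return $response->withStatus(401);      // expired, replayed or tampered
    }
    // Bind the token to this origin in a cookie that page scripts cannot read;
    // later requests to application1.com carry it automatically.
    return $response
        ->withHeader('Set-Cookie', 'access_token=' . $token
            . '; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=3600')
        ->withRedirect('/home', 302);
});
```

If the application must send the JWT as "Authorization: Bearer" to its own API, its server-side code reads the cookie and adds the header on the back-channel request rather than expecting the browser to do so.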