
Question about configuring authentication cookies lifetime (and other settings) #1496

Open
mobinseven opened this issue Nov 29, 2024 · 2 comments


mobinseven commented Nov 29, 2024

Which version of Duende IdentityServer are you using?

7.0.8

Which version of .NET are you using?

8.0

Describe the issue

I have two hosts running on two different domains. One host authenticates users for the other external one. The authentication process works perfectly.

What I need done next is to increase the lifetime of the issued cookie for the external host. I have already customized the authentication host cookie lifetime (MaxAge) using ConfigureApplicationCookie. On every new session, the external host always redirects the user to get authenticated. Because the user is already logged in to the main authentication domain (the user already has an identity cookie), the user gets instantly redirected to the external domain authenticated, until the session is ended.

What has been tried?

AddIdentityServer cookie settings

  1. Configure one host to authenticate users for the other using Duende.IdentityServer 7.0.8.
  2. Customize the authentication cookie settings using AddIdentityServer and set options.Authentication.CookieLifetime.
  3. Authenticate a user and check the cookie settings in the browser.

Result
This breaks authentication in the main host without even solving the problem. The authentication cookie gets cleared instantly after logging into the main host.

ConfigureExternalCookie cookie settings

  1. Same as previous but this time using options.ExpireTimeSpan of ConfigureExternalCookie.
  2. Authenticate a user and check the cookie settings in the browser.

Result
No change in behaviour.

Expected behavior

The customized authentication cookie settings, such as CookieLifetime, should be applied to the cookie issued to the user's browser in the external host.

@RolandGuijt

Can you please indicate if the below is correct?

  • You have two identity provider applications on separate hosts, both running IdentityServer
  • One is configured as an external identity provider for the other
  • You want to extend the session cookie lifetime for the external one


mobinseven commented Dec 2, 2024

> Can you please indicate if the below is correct?

Yes, sir.

>   • You have two identity provider applications on separate hosts, both running IdentityServer

No. Two separate hosts on two different domains. One identity provider (which has its own front-end including login forms, profile management, etc.). The other one is a mere front-end which requires authorized access and is a client for the identity provider (I called this one 'the external one').

>   • One is configured as an external identity provider for the other

Yes.

>   • You want to extend the session cookie lifetime for the external one

I want to extend the lifetime of the cookies issued to the client users. The lifetime of the cookies issued to the identity provider host users itself is correctly customized.

Sorry for the ambiguity in the problem statement. And thank you for your help.
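
An added example, not part of the thread and not code from Duende or either participant: `ConfigureApplicationCookie`, `ConfigureExternalCookie` and `options.Authentication.CookieLifetime` each configure a cookie scheme of the host where they are registered, whereas the cookie in the client's domain is written by the client application's own cookie handler. The sketch assumes the client is an ASP.NET Core app using the cookie and OpenID Connect handlers; the authority URL, client id, configuration key and 14-day lifetime are placeholders.

```csharp
// Program.cs of the CLIENT application (added example, placeholder values).
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        // The local session lives in the cookie; challenges go to the identity provider.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        // Lifetime of the client's own authentication ticket.
        options.ExpireTimeSpan = TimeSpan.FromDays(14);   // placeholder lifetime
        options.SlidingExpiration = true;
        // A longer-lived cookie is exposed for longer, so keep it out of script and off plain HTTP.
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.Lax;
    })
    .AddOpenIdConnect(options =>
    {
        options.Authority = "https://idp.example.com";    // placeholder identity provider URL
        options.ClientId = "web-client";                  // placeholder client id
        options.ClientSecret = builder.Configuration["Oidc:ClientSecret"]; // placeholder key
        options.ResponseType = "code";
        // false (the default): the cookie lifetime comes from ExpireTimeSpan above,
        // not from the lifetime of the identity token.
        options.UseTokenLifetime = false;
        options.Events.OnTicketReceived = context =>
        {
            // Without IsPersistent the browser gets a session cookie that is dropped
            // when the browser closes, whatever ExpireTimeSpan says.
            context.Properties!.IsPersistent = true;
            return Task.CompletedTask;
        };
    });

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", (HttpContext ctx) => $"Hello {ctx.User.Identity?.Name}").RequireAuthorization();
app.Run();
```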
