Is it possible to SSO using OIDC across different providers (Google, AWS)? One client (web application) is using OIDC/Google and another is using OIDC/AWS. The goal is to AuthN only once, and traverse both sites without having to log in again. The web application bound to OIDC/AWS is authoritative and the SoR for managing the accounts.
Is this possible, and what are my options? Is it possible to federate between both service providers? Thank you!
If there are any systems interaction diagrams that could help visualize the flow that would be great to point out.
I've looked into all docs provided by OIDC, Google and AWS but could not find any helpful insights or instructions on how to federate between different providers.
BTW, this article did not make sense: https://cloud.google.com/iap/docs/enable-external-identities
Single sign on has a precondition on using the same authentication for both apps. This identity provider sets an SSO cookie that can be used to prevent the second login.

Usually, when using OAuth and OpenID Connect, your apps interact with an authorization server by running a code flow. The authorization server can be configured to run a second code flow, so that authentication occurs at an external identity provider.

In your case this would enable you to change the behaviour of one of the apps, to do a federated login. It has a prerequisite of using a system that supports the authorization server role though. Not all cloud providers support this.
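The brokered flow the answer describes, as an added simulation that is not part of the question or answer: both apps run a code flow against one authorization server ("broker"), which runs a second code flow against an upstream identity provider only when it has no SSO session cookie yet. The class names, issuer URLs and in-memory dictionaries are assumptions standing in for real redirects and endpoints; the `state` and client-binding checks show where a real broker must validate the callback.

```python
import secrets

class UpstreamIdP:
    """External identity provider (e.g. Google) that performs the actual login."""
    def __init__(self, issuer):
        self.issuer, self.codes, self.logins = issuer, {}, 0
    def authorize(self, user, state):
        self.logins += 1                       # interactive login happens here
        code = secrets.token_urlsafe(8)
        self.codes[code] = user
        return {"code": code, "state": state}  # redirect back to the broker
    def token(self, code):
        return {"iss": self.issuer, "sub": self.codes.pop(code)}

class Broker:
    """Authorization server in front of both apps: runs the second code flow
    against the upstream IdP and keeps an SSO session cookie."""
    def __init__(self, upstream):
        self.upstream, self.sessions, self.pending, self.codes = upstream, {}, {}, {}
    def authorize(self, client_id, user, sso_cookie=None):
        sub = self.sessions.get(sso_cookie)
        if sub is None:                        # no SSO session yet: federate upstream
            state = secrets.token_urlsafe(8)
            self.pending[state] = client_id
            cb = self.upstream.authorize(user, state)
            if self.pending.pop(cb["state"], None) != client_id:
                raise ValueError("state mismatch on upstream callback")
            sub = self.upstream.token(cb["code"])["sub"]
            sso_cookie = secrets.token_urlsafe(8)
            self.sessions[sso_cookie] = sub    # SSO cookie set after the one login
        code = secrets.token_urlsafe(8)
        self.codes[code] = (client_id, sub)
        return {"code": code, "sso_cookie": sso_cookie}
    def token(self, client_id, code):
        owner, sub = self.codes.pop(code)
        if owner != client_id:
            raise ValueError("code was issued to a different client")
        return {"iss": "https://broker.example", "sub": sub, "aud": client_id}

def sso_demo():
    """Two apps log in through the broker; only the first triggers an upstream login."""
    idp, cookie, tokens = UpstreamIdP("https://idp.example"), None, []  # constructed issuer
    broker = Broker(idp)
    for app in ("app-a", "app-b"):
        reply = broker.authorize(app, "alice", cookie)
        cookie = reply["sso_cookie"]           # browser carries the cookie to the second app
        tokens.append(broker.token(app, reply["code"]))
    return tokens, idp.logins
```

The second app never reaches the upstream provider; the broker's cookie is what prevents the second login, which is why the app that cannot act as the authorization server must be pointed at the one that can.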