** 2021-W15
*** 2021-04-12 Monday
**** IN-PROGRESS IROH-Auth Session :work:
:LOGBOOK:
CLOCK: [2021-04-12 Mon 16:29]--[2021-04-12 Mon 17:29] =>  1:00
:END:
[2021-04-12 Mon 16:28]

- ref :: https://blog.theodo.com/2016/10/how-to-track-your-users-over-several-domains/
- ref :: https://stackoverflow.com/questions/3342140/cross-domain-cookies
- ref :: https://stackoverflow.com/questions/19531183/set-cookie-on-multiple-domains-with-php-or-javascript/19546680#19546680

It seems clear that, whatever the solution, cross-domain cookies will become
more and more difficult to make work, as browser vendors will do their best to
prevent user tracking.

So the best solution would be to keep an IROH-Auth local session.
If a user comes to the IROH-Auth login page, we could have put a set of
cookies (if we want cross-domain but intra security.cisco.com ones) or use
localStorage.

1. We should ensure that once the user is logged in successfully we save the JWT

*** 2021-04-14 Wednesday
**** MEETING interview :work:meeting:
:LOGBOOK:
CLOCK: [2021-04-14 Wed 18:28]--[2021-04-15 Thu 10:36] => 16:08
:END:
[2021-04-14 Wed 18:28]

- ref :: [[file:~/dev/iroh-admin-ui/assets/l33t.css::text-align: left;]]

**** IN-PROGRESS Presentation IROH-Auth :work:
:LOGBOOK:
CLOCK: [2021-04-14 Wed 09:20]--[2021-04-14 Wed 18:28] =>  9:08
:END:
[2021-04-14 Wed 09:20]

***** History

1. Login using AMP SAML (generate JWT)
2. OAuth2 Provider (Grants)
3. Login using OpenID Connect with TG (client of OpenID Connect)
4. Users/Orgs in DB!!!
5. Account Activation
6. Become an OpenID Connect provider
7. OIDC with SSE

***** Internal User Structure
***** Cisco specificity
*** 2021-04-15 Thursday
**** IN-PROGRESS presentation IROH-Auth :work:
:LOGBOOK:
CLOCK: [2021-04-15 Thu 10:36]--[2021-04-15 Thu 11:06] =>  0:30
:END:
[2021-04-15 Thu 10:36]

*** 2021-04-16 Friday
**** IN-PROGRESS Presentation :work:
:LOGBOOK:
CLOCK: [2021-04-16 Fri 11:56]--[2021-04-16 Fri 12:56] =>  1:00
:END:
[2021-04-16 Fri 11:56]