This used to work, so I’m wondering if something changed in a recent SS version.
I have two webs on the same site - https://somesite.com/svc and https://somesite.com/rpt. The main svc site has 2 methods of authentication - one is a custom CredentialsAuthProvider (that’s only used as an Admin Back Door and on our beta testing site) - the second is an OAuthProvider that interfaces with Okta.
The rpt site has only the CredentialsAuthProvider, which works the same way as the one in the svc site. It is only used for integration tests.
The goal (which again, has worked in the past), is to allow logins from the svc site to work in the rpt site. What I’m finding is that when I use the backdoor/Credentials Auth Provider to login to svc, the rpt site works fine, but when I login to svc using the Okta provider, I get 401s on all my services in the rpt site. I have verified that both are looking at the same cache (Redis). The __type of the auth session in the cache matches exactly. The AuthProvider properties are different in the cached AuthSession, as I would expect. Would the lack of the OktaAuthProvider in the svc class cause an issue with sharing the cached auth session between the two sites?