<p><divclass="noteclassic">For security reason, a cookie provided for a domain cannot be sent to another domain. To extend <abbrtitle="Single Sign On">SSO</abbr> on several domains, a cross-domain mechanism is implemented in LemonLDAP::NG.
<liclass="level1"><divclass="li"> User owns <ahref="../../documentation/current/ssocookie.html#sso_cookie"class="wikilink1"title="documentation:latest:ssocookie">SSO cookies</a> on the main domain (see <ahref="../../documentation/presentation.html#login"class="wikilink1"title="documentation:presentation">Login kinematics</a>)</div>
<liclass="level1"><divclass="li"> Handler does not see <ahref="../../documentation/current/ssocookie.html#sso_cookie"class="wikilink1"title="documentation:latest:ssocookie">SSO cookies</a> (because it is not in main domain) and redirects user on Portal</div>
<liclass="level1"><divclass="li"> Portal recognizes the user with its <ahref="../../documentation/current/ssocookie.html#sso_cookie"class="wikilink1"title="documentation:latest:ssocookie">SSO cookies</a>, and see he is coming from a different domain</div>
<liclass="level1"><divclass="li"> Portal redirects user on protected application with his session ID as <abbrtitle="Uniform Resource Locator">URL</abbr> parameter</div>
<liclass="level1"><divclass="li"> Handler detects <abbrtitle="Uniform Resource Locator">URL</abbr> parameter and create a <ahref="../../documentation/current/ssocookie.html#sso_cookie"class="wikilink1"title="documentation:latest:ssocookie">SSO cookies</a> on its domain, with session ID as value</div>