We are using ForgeRock OpenAM for managing authentication and authorization, and I was wondering if it is possible to use this configuration:

  1. Domain 1 -> App 1 -> Use SAML2
  2. Domain 1 -> App 2 -> Use OpenID Connect
  3. Domain 2 -> App 1 -> Use OpenID Connect

All domains should connect to the same identity provider, and it should also be possible to use SSO across both domains. E.g., if the user is signed in to any app (web or mobile), the user should also be automatically signed in to any app in domain 2.

I did some research on this topic but I did not find a concrete answer to this issue. From what I understand, for websites JavaScript is used to authenticate the user, as described here: https://security.stackexchange.com/a/38811

0 Answers