2

I'm using Google Cloud IAP (Identity Aware Proxy) to restrict access to several services running on different subdomains (a.mycompany.com, b.mycompany.com, etc.).

When I log in to a.mycompany.com, I'd like it to log me in to b.mycompany.com as well. When I authenticate via one of these URLs, I see this set-cookie header on the final redirect:

set-cookie: GCP_IAAP_AUTH_TOKEN=eyJh...HsA; path=/; Secure; HttpOnly

My understanding is that I could share this cookie by adding a domain= clause to it. Is it possible to do this with GCP IAP?

Maxim
danvk

2 Answers

0

I couldn't find a way to manually update the headers that IAP uses; it seems like a black box. I'd suggest you submit a feature request via this link under "Identity & Security".

0

It seems that GCP IAP supports a cookieDomain property that you could use to share the cookie between your two sub-domains:

https://cloud.google.com/iap/docs/reference/rest/v1/IapSettings
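
Added example, not part of either answer and not Google's code: a small model of the RFC 6265 cookie scoping rules, showing why the cookie in the question (no Domain attribute, so host-only) stays on a.mycompany.com and which hosts would receive it once a Domain value is set. The hosts legacy.mycompany.com and notmycompany.com are constructed for illustration, and public-suffix checks that browsers also apply are left out.

```python
import ipaddress


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")  # a leading dot is ignored
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)  # IP literals never suffix-match
        return False
    except ValueError:
        pass
    # Match on a label boundary so "notmycompany.com" does not match.
    return host.endswith("." + domain)


def cookie_sent(request_host, set_by_host, domain_attr=None):
    """Would a browser attach the cookie to a request for request_host?"""
    if domain_attr is None:
        # Host-only cookie: returned to the exact host that set it.
        return request_host.lower() == set_by_host.lower()
    # A Domain attribute that does not cover the setting host is rejected.
    if not domain_match(set_by_host, domain_attr):
        return False
    return domain_match(request_host, domain_attr)


def audience(hosts, set_by_host, domain_attr=None):
    """Hosts from the list that would receive the cookie."""
    return [h for h in hosts if cookie_sent(h, set_by_host, domain_attr)]


# Constructed host list: a and b are from the question, the rest are samples.
HOSTS = ["a.mycompany.com", "b.mycompany.com", "legacy.mycompany.com",
         "mycompany.com", "notmycompany.com"]

if __name__ == "__main__":
    print("host-only:         ", audience(HOSTS, "a.mycompany.com"))
    print("Domain=mycompany.com:",
          audience(HOSTS, "a.mycompany.com", "mycompany.com"))
```

With a parent-domain value the token is sent to every host under mycompany.com, including any that are not behind IAP, so the value is best set only when all subdomains are trusted to see that cookie.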