2

I'm using Google Cloud IAP (Identity Aware Proxy) to restrict access to several services running on different subdomains (a.mycompany.com, b.mycompany.com, etc.).

When I log in to a.mycompany.com, I'd like it to log me in to b.mycompany.com as well. When I authenticate via one of these URLs, I see this set-cookie header on the final redirect:

set-cookie: GCP_IAAP_AUTH_TOKEN=eyJh...HsA; path=/; Secure; HttpOnly

My understanding is that I could share this cookie by adding a domain= clause to it. Is it possible to do this with GCP IAP?

Maxim
  • 3,172
  • 9
  • 21
danvk
  • 13,227
  • 3
  • 51
  • 86

1 Answers1

0

I couldn't find a way to manually update the headers that IAP uses, it seems like a black box. I'd suggest you to submit a feature request via this link under "Identity & Security".

mehdi sharifi
  • 131
  • 5