Let's say I have two websites that live on separate domains, and they have been authenticated with SSO login. I log into the first website and authenticate, and now I decide to visit the second website using a link visible in 1st website. This link redirect to the second website and no credentials needed. (Note that these websites are developed and hosted by some other company and I don't have access to the source code. I have one login credentials and I am expecting to access the page data of second website)
I want to access the websites using .net code. I have done some work and gone up to accessing the link of first website using HTTP requests and cookies which redirects to the second website. But soon after I clicked the link it open domain 2 in new browser tab and generates new session id as well. It doesn't have any connection with first website cookie. But I can access the data of website 2 when I pass the URL and current session id of website 2 manually.
Is there any security mechanism behind SSO login which can be break through to access the common session Id for both website 1 and website 2?How can I find the connection between two domains when they have two session Ids. I can't post the codes here as it have some privacy information of my client.