---
title: Cross-domain single sign-on
description: Configure cross-domain single sign-on (CDSSO) for PingAM Java Agent to transfer session IDs between the agent and PingAM across domains.
component: java-agents
version: 2026
page_id: java-agents:user-guide:cdsso
canonical_url: https://docs.pingidentity.com/java-agents/2026/user-guide/cdsso.html
---

# Cross-domain single sign-on

In Cross-Domain Single Sign-On (CDSSO), Java Agent processes requests using authentication provided by AM. Users can access multiple independent services from a single login session, using the agent to transfer the session ID. The agent and AM can be in the same domain or in different domains.

The following diagram illustrates the CDSSO flow:

![The sequence diagram illustrates Java Agents CDSSO flow.](_images/cdsso.svg)

When the agent is in [local configuration mode](glossary.html#def-local-configuration-mode), configure the [Authentication Redirect URI](../properties-reference/org.forgerock.agents.authn.redirect.uri.html). When the agent is in [remote configuration mode](glossary.html#def-remote-configuration-mode), the value is set by the agent configuration in AM.

For more information, refer to [Single sign-on](https://docs.pingidentity.com/pingam/8.1/authentication-guide/about-sso.html) and [Implement CDSSO](https://docs.pingidentity.com/pingam/8.1/authentication-guide/about-sso.html#implementing-cdsso) in AM's *Authentication and SSO guide*.