I have a portal called A , known as www.aone.com, which has several users. I have a portal called B (www.btwo.com). This portal also has users.
Now I want that, log in with portal A, and add one button, and when we click on that button, we can access portal B.
Note: Both portals have the same authentication details.It means both users maintain same username and same password
How can I figure it out?
If I add an Iframe in Portal A , an iframe URL is of Portal B. and I authenticated the user also. but both portals have their different session timeout, also the condition is that from the iframe, the user can not see the login or logout page.
It sounds like you have 2 completely different systems for these 2 websites, as in, what you're describing is that each website has its own account storage and logging mechanisms and the only common thing is that the account's information is the same.
To have a common/shared SSO session you need a centralized Identity Provider(IdP) that handles all the authentications and issues cookies/tokens for the said session. The websites can then also verify the sessions against this IdP
This in turn means that your websites/systems must trust the IdP.
If you log in from one site into the other you will get 2 sets of session cookies, if you automatically do this then you risk opening up other vulnerabilities.