Methods, systems, and media are shown for providing a reverse proxy system with SSO capability involving receiving an authentication response message from a client that includes an authentication token and a unique session identifier and determining whether the identifier is stored on the proxy service. If the session identifier is stored on the proxy service, sending the authentication response message to a service provider to which the authentication response message is directed. If the session identifier in the authentication response message is not stored on the proxy service: sending a login request message to the service provider to which the authentication response message is directed, receiving an authentication request message from the service provider that includes an other unique session identifier and redirects the authentication request message to an identity provider, storing the other session identifier, and sending the authentication request message with the other identifier to the client.