Is there a sample application which I can refer for SAML interactions on Android? Anyone successfully ported/used OpenSAML on Android ?
I am trying to write a simple app which would (instead of browser redirection) use native APIs to carry out SAML authentication.
Also some pointers to test environment where I can test SAML clients would help.
SAML was simply not designed for modern application types, such as SPAs and mobile apps. You'll spend time fighting the protocol and still end up with a solution that is cumbersome and has security holes. Instead, we recommend using OpenID Connect in SPAs and mobile applications.
Google offers a SAML-based single sign-on (SSO) service that provides partner companies with full control over the authorization and authentication of hosted user accounts that can access web-based applications like Gmail or Google Calendar.
All clients follow a basic message flow to access the REST API using SAML. Whereas CSM acts as both the service provider and the identity provider in OAuth2 protocol, SAML protocol introduces a third-party identity provider.
If you need to authenticate your mobile app users against a SAML 2.0 IDP, then you would NOT build this into Android (or iOS). Best practice would be to have your mobile app use OAuthv2 and exchange a SAML Response generated by the IDP for your local SP/AS OAuth token. Essentially, the application would launch the WebView browser w/in your application to carry out the SAML Web SSO profile which would result in your AS giving your mobile app an OAuth token. It's not required to use OAuth in this type of scenario, but it will add security & standard support to your mobile application.
Ping Identity [Note: I do work for Ping] has done a ton of work to make SAML/OAuth quick and easy for SaaS Providers to implement (over 250 SaaS Providers and growing). Check out https://www.pingidentity.com/products/pingfederate/secure-mobile-access.cfm
HTH =- Ian
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With