oauth - What is the best SSO solution for a native mobile app which can support multiple IdPs?
In our current situation, our web-based application (the SP) has integrated SSO using the Spring Security SAML extension. Our product is SaaS, and different clients may have different IdPs (identity providers) configured at their end. We are trying to provide SSO support for our mobile application.

After searching, I've come across 3 possible solutions to implement:

1) Using a web view: when SAML is enabled for a client, the mobile app embeds a web view that renders the IdP login page upon opening the mobile app. A URL on the SP side is hit to trigger the SAML redirect to the IdP, and the web view carries out the SP-initiated login flow. However, the web view does not use the browser's cookie space, so the user has to log in to the app every time the app is killed or the session expires. Also, since a web view is not a browser, I've read that it may not handle edge cases during HTTP redirects.

2) Using a native SSO app: some IdPs provide a native SSO app through which a mobile app can log in to the IdP. The mobile app can interact with the IdP's native application via the SDKs provided by the respective IdP. Since our mobile app should be able to support SSO with many IdPs, if we follow this approach we may have to integrate multiple native SSO apps, one for each IdP. I'm not sure if this is plausible in our scenario.

3) Using OAuth and SAML: the third option is to add OAuth support to our mobile app. IdPs like Salesforce support OAuth to authorize mobile apps, but I'm not sure if all IdPs support OAuth, and how difficult it is to implement OAuth and SAML in a mobile app.

Could you tell me which approach is preferable in the above scenario, or is there a better approach that I didn't consider? Any suggestions?

Many thanks!
For mobile apps I think OAuth2 or OpenID Connect is preferred over SAML. They work great for mobile solutions.

They have the notion of a separate channel of communication with the authentication server. This means you can safely fire up the device's default browser to sign in, and benefit from the cookies in it. Once the user has authenticated in the browser, the application receives a token via calls over that channel to the auth server.

If you have SAML-only IdPs, an option is to use an identity server for translation, which acts as a SAML2 SP and an OAuth server.
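The exchange this answer describes (the system browser handles the login on the front channel, then the app fetches the token directly from the auth server on the back channel), written out as an added example that is not part of the original answer. It uses the OAuth 2.0 authorization code flow with PKCE (RFC 7636), which RFC 8252 recommends for native apps so that a code captured from the redirect cannot be exchanged by anyone who lacks the code_verifier. The endpoint URLs, client ID and loopback redirect URI are made-up values, and `FakeAuthorizationServer` is a stand-in constructed here so the whole exchange runs offline; ID token validation (checking the nonce, issuer and signature) is not modelled.

```python
import base64
import hashlib
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical values for this example; real ones come from the IdP's
# OpenID Connect discovery document and the app's client registration.
AUTHORIZE_ENDPOINT = "https://idp.example.com/authorize"
TOKEN_ENDPOINT = "https://idp.example.com/token"
CLIENT_ID = "mobile-app-client-id"
REDIRECT_URI = "http://127.0.0.1:43123/callback"  # loopback redirect, as in RFC 8252


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> tuple:
    """Return (code_verifier, code_challenge) using the S256 transform."""
    verifier = b64url(os.urandom(32))  # 43 URL-safe chars of fresh entropy
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_url(state: str, nonce: str, challenge: str) -> str:
    """Front channel: the URL the app hands to the system browser (not a WebView)."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,                     # binds the callback to this attempt
        "nonce": nonce,                     # echoed in the ID token (not modelled here)
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect the browser delivers to the loopback listener; return the code."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or mixed-up response")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    return query["code"][0]


def build_token_request(code: str, verifier: str) -> dict:
    """Back channel: form body the app POSTs straight to TOKEN_ENDPOINT, no browser involved."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": verifier,
    }


class FakeAuthorizationServer:
    """Stand-in for the IdP, constructed for this example so the exchange runs offline.
    It binds each issued code to its code_challenge and checks the verifier at token time."""

    def __init__(self):
        self._codes = {}

    def authorize(self, auth_url: str) -> str:
        """Simulate the user logging in through the browser; returns the redirect URL."""
        q = parse_qs(urlparse(auth_url).query)
        if q.get("code_challenge_method", [None])[0] != "S256":
            raise ValueError("PKCE with S256 is required for public clients")
        code = secrets.token_urlsafe(16)
        self._codes[code] = q["code_challenge"][0]
        return f"{q['redirect_uri'][0]}?{urlencode({'code': code, 'state': q['state'][0]})}"

    def token(self, form: dict) -> dict:
        expected = self._codes.pop(form["code"], None)  # codes are single use
        if expected is None:
            return {"error": "invalid_grant"}
        if b64url(hashlib.sha256(form["code_verifier"].encode("ascii")).digest()) != expected:
            return {"error": "invalid_grant"}  # code without the matching verifier is useless
        return {"access_token": "at-" + secrets.token_urlsafe(8), "token_type": "Bearer"}


def run_login(server: FakeAuthorizationServer) -> dict:
    """The full exchange as the native app performs it."""
    verifier, challenge = make_pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    auth_url = build_authorization_url(state, nonce, challenge)
    # Real app: open auth_url in the system browser and wait for it to hit REDIRECT_URI.
    callback_url = server.authorize(auth_url)
    code = parse_callback(callback_url, state)
    return server.token(build_token_request(code, verifier))


def intercepted_code_fails(server: FakeAuthorizationServer) -> str:
    """Failure mode: a party that captured the redirect (e.g. another app claiming the
    redirect URI) holds the code but not the verifier, so the token request is refused."""
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    callback_url = server.authorize(build_authorization_url(state, "n", challenge))
    stolen_code = parse_callback(callback_url, state)
    attacker_verifier = b64url(os.urandom(32))  # not the verifier the app kept in memory
    return server.token(build_token_request(stolen_code, attacker_verifier)).get("error")


if __name__ == "__main__":
    print(run_login(FakeAuthorizationServer()))
    print(intercepted_code_fails(FakeAuthorizationServer()))
```

Only two pieces need platform code in a real app: launching the system browser with the authorization URL and listening on the loopback or custom-scheme redirect; the token request is an ordinary HTTPS POST that the user's browser never sees, which is why the browser session cookies survive for the next login without the app ever handling the user's IdP credentials.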