[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-dev
Subject:    Re: iOS development
From:       "Cantor, Scott" <cantor.2 () osu ! edu>
Date:       2014-10-20 23:28:12
Message-ID: D06B114E.124C5%cantor.2 () osu ! edu
[Download RAW message or body]

On 10/20/14, 5:41 PM, "Pixbroker" <pixbroker@gmail.com> wrote:

>We are using Shibboleth IDP and would like to integrate existing iOS
>mobile applications to use it for single sign on. Are there any examples
>of how to do this from iOS? Specifically, how to detect a redirect,
>suspend additional network traffic until the sign on is resolved, share
>credentials among apps.

There are two ways to "properly" use SAML that way, one is the ECP profile
and the other is with a browser as the login UI.

The former there are some libraries for linked in the wiki, and Ohio State
has an iOS and Androis ECP client implementation that I can probably
manage to make available at some point, but I didn't build it.

Using a browser is self-explanatory, except that gluing the resulting
cookie to an application is nothing I'm familiar with since I've never
done any mobile development.

As a design matter, the ECP flow is such that it can be largely
encapsulated by an HTTP library and invisible to the app. One major
downside is it pragmatically can't handle anything but a basic
name/password UI and the user can't know whether the app is misusing the
password.

-- Scott

-- 
To unsubscribe from this list send an email to dev-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]