I am building a prototype with the following context.
The MVC side is complete, but I am not sure how to approach the mobile side.
My previous attempt used a Web API and ADFS' "adfs/services/trust/13/usernamemixed" endpoint. This allowed the mobile device to send credentials to the API which then authenticated the user using ADFS's endpoint. Then it returned a JWT token to the mobile app.
We must receive SAML tokens from the Idp (could be ADFS or a different Idp), but our apps are agnostic about the type of token.
I have two questions.
First thing, I wouldn't recommend SAML for mobile devices (especially native apps) as SAML assumes clients are browsers. In mobile apps, it opens a browser to authenticate, which is not the best approach I feel. I would suggest using OpenID/OAuth for mobile devices.
An Idp can support multiple sign-in protocols such as WS-Fed, SAML 2.0 or OAuth. It depends on the client to use the relevant protocol.
Coming to WS-Fed with IdentityServer3, there is an OWIN middleware which helps in achieving it.
using Microsoft.Owin.Security.WsFederation;
using Owin;

// Registered with IdentityServer3 as an external identity provider; IdentityServer3
// calls this with the authentication type its external-login pipeline expects (signInAsType).
public static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
    app.UseWsFederationAuthentication(
        new WsFederationAuthenticationOptions
        {
            Wtrealm = "https://localhost:44309/core",                     // identityserver3 (the relying-party identifier registered in ADFS)
            Wreply = "replyaddress",                                      // absolute URL that ADFS posts the token back to
            MetadataAddress = "https://localhost/federationmetadata.xml", // ADFS federation metadata: endpoints and token-signing keys
            AuthenticationType = "adfs",
            Caption = "ADFS",
            SignInAsAuthenticationType = signInAsType
        });
}
The above code takes you to the ADFS login screen; after successful authentication you will be redirected back to the Wreply address mentioned above. It returns a SAML 1.1 response. You need to parse it and use it.
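An added example, not code from the answer or from the IdentityServer3 project, showing how the WS-Fed provider above is wired into an IdentityServer3 host that in turn exposes OAuth/OpenID Connect to the mobile app, as the answer recommends. The hostnames, client id, redirect URI, certificate path and password are placeholders, and the PKCE flow value assumes IdentityServer3 2.x.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.InMemory;
using Microsoft.Owin.Security.WsFederation;
using Owin;
public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var options = new IdentityServerOptions
        {
            // Placeholder path and password; in production load the signing certificate from the machine store.
            SigningCertificate = new X509Certificate2(@"C:\certs\idsrv-signing.pfx", "PLACEHOLDER"),
            Factory = new IdentityServerServiceFactory()
                .UseInMemoryClients(Clients)
                .UseInMemoryScopes(new[] { StandardScopes.OpenId, StandardScopes.Profile })
                .UseInMemoryUsers(new List<InMemoryUser>()),  // no local accounts: ADFS is the only way in
            AuthenticationOptions = new AuthenticationOptions
            {
                EnableLocalLogin = false,                      // every login is delegated to the external IdP
                IdentityProviders = ConfigureIdentityProviders
            }
        };
        app.Map("/core", idsrv => idsrv.UseIdentityServer(options));
    }
    // The answer's WS-Fed middleware, registered as an external provider; IdentityServer3 supplies signInAsType.
    private static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
    {
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            Wtrealm = "https://localhost:44309/core",
            MetadataAddress = "https://adfs.example.local/federationmetadata/2007-06/federationmetadata.xml",
            AuthenticationType = "adfs",
            SignInAsAuthenticationType = signInAsType
        });
    }
    // The native mobile app as a public OAuth client: authorization code + PKCE, no embedded secret.
    private static readonly List<Client> Clients = new List<Client>
    {
        new Client
        {
            ClientId = "mobile-app",
            Flow = Flows.AuthorizationCodeWithProofKey,      // assumes IdentityServer3 2.x (PKCE support)
            RedirectUris = new List<string> { "com.example.mobile://callback" },
            AllowedScopes = new List<string> { "openid", "profile" },
            IdentityProviderRestrictions = new List<string> { "adfs" }  // only ADFS may sign users in here
        }
    };
}
```

With this wiring the mobile app never sees the SAML 1.1 token: the middleware validates it against the ADFS metadata keys, IdentityServer3 turns the result into an OpenID Connect identity, and the app only handles OAuth tokens.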