stackoom
  简体   繁体   中英

How can I do Mobile App authentication with SAML IDP

 原文  2022-07-22 20:54:45       authentication/ azure-active-directory/ openid-connect/ azure-b2c

Question

We have a inhouse SAML2 Token based IDP. It works great with websites etc but we are building a new mobile app and since Mobile Apps dont play well with SAML, we are trying to put a Proxy Service Provider/Relying Party in between the MObile app and the IDP. The only function of the Proxy SP would be accept a SAML token and establish a session and then talk to the Mobile App using OpenID Connect. In the past we have used AWS cognito successfully with another client but we are moving away from AWS towards Azure and are wondering if Azure B2C is what we need to use for this. Does anyone have any experience with this or something similar. Specifically, Do we need to look into Azure AD or Azure AD B2c? It needs to be able to add an external Identity Provider (SAML Based) and receive the SAML token and redirect to a return url with the auth code. From there on its pretty straight forward with the OIDC flow.

TIA Mohan

1 answers

solution1
 0  2022-07-26 18:36:45

I'd recommend moving towards an architecture with this behaviour, where

  • APIs receive a JWT access token on every request and can use it to protect requests for data
  • Web and mobile clients authenticate users via OpenID Connect and an Authorization Server (AS), then receive an access token, so that they can call APIs
  • The AS issues tokens in a way that allows you to control scopes and claims issued in access tokens
  • The AS can integrate with various Identity Providers, including SAML ones

All of this allows you to code your apps in a future facing way. Azure AD is one example of an AS, though you would need to look into its SAML integration.

The AS is an essential part of the architecture and not just a proxy. It is common to introduce one when moving from a web backend architecture (which only supports browser clients) to a web, mobile and API architecture.

The contents of the tokens are important also, since JWTs will identify users with a subject claim from the AS, not the SAML IDP. This may not work for your existing backend.

So all of this requires an architectural design. As an example, this detailed onboarding article describes an approach, with a focus on being in control of your data.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SAML authentication on Android mobile app saml2 idp authentication forwarding How do I set up persistent authentication in a mobile app? How do you handle SAML Authentication in an Ionic App? How to use SAML authentication in a mobile application? SAML redirects each SP request to IDP for checking authentication after successful IDP authentication? Can I use OAuth for authentication for trusted client (mobile app)? Mobile App: users writing to DB how to be sure they can(authentication)? How does the saml IDP / SP work with auth0? How can I do digest authentication with HttpWebRequest?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM