ADFS 2.0 and native mobile apps

Question

Hi All,


    I am trying to do effective ADFS 2.0 authentication using SAML in my Android app? (I need Android and iOS both, in fact.)


    To provide a perspective, our app authenticates with ADFS 2.0 using an STS link. This actually presents an HTML page provided by the ADFS server asking for credentials, and after submit we decipher the server response to collect the SAML token to send to our web service. Our web service has a way to authenticate the SAML token with ADFS and then gives the iOS app a proper response. If our service gives the iOS app a 401 Unauthorized status, we prompt the user to re-login using the webview. Mostly this happens when the user changes his password. This works, but is it the right way? We tried to do it using a custom native login, but the ADFS server did not give a SAML token; when we asked experts, we got the opinion that the ADFS login presentation mechanism should not be tampered with.


    The problem is, the HTML page is not a great user experience. The iOS / Android mail application connects to Office 365 mail (MS Exchange probably) and asks for login using a native UI, and asks for re-login at certain intervals, which gives a smooth and seamless experience. Is it possible to achieve the same in our scenario? My assumption is the Mail app connects to the Exchange server using the Exchange protocol. If Exchange is bound to ADFS, that binding / authentication happens between the Exchange server and ADFS. Is my assumption correct?


    Our limitation is we want to achieve this using ADFS 2.0 & SAML only.


    To summarize, the problem statement is:



    Rather than improving the current HTML login form, the objective was to try to provide an integrated login in the mobile app, prepopulated with the user email, to be used only on password reset every 40 days. This is how it works for iPhone / Android email on O365, and we are looking for a similar approach for a coherent and seamless user experience.



    Friday, August 18, 2017 11:50 AM
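The post says the web service "has a way to authenticate the SAML token with ADFS" before answering the mobile app. The example below is added here and is not the poster's code or anything from ADFS; it shows the claim checks a relying party has to perform on a SAML 2.0 assertion after its XML signature has been verified (signature verification is assumed to be done first with an XML-DSig library and is not part of this block). The issuer and audience URLs and the sample assertion are constructed placeholders.

```python
# Added example, not from the forum post: server-side checks on a SAML 2.0
# assertion before it is accepted as proof of login. Verifies issuer, audience,
# validity window and subject. It assumes the XML signature was already verified
# by an XML-DSig library; an unsigned assertion must never reach this point.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion. Issuer and audience are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2017-08-18T11:50:00Z">
  <saml:Issuer>http://adfs.example.invalid/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.invalid</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2017-08-18T11:50:00Z" NotOnOrAfter="2017-08-18T12:50:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://api.example.invalid/mobile</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_saml_time(value):
    # xs:dateTime in UTC; ADFS may emit fractional seconds, which are dropped here.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_assertion(xml_text, expected_issuer, expected_audience,
                    now=None, skew=timedelta(minutes=5)):
    """Return (ok, reason, name_id). Rejects on the first failed check so that
    a token for another relying party, or an expired one, never yields a login."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS["saml"]:
        return False, "not a SAML 2.0 Assertion", None

    # Issuer must be the ADFS instance this service trusts (pinned by config).
    issuer = root.findtext("saml:Issuer", namespaces=SAML_NS)
    if issuer != expected_issuer:
        return False, "unexpected issuer", None

    cond = root.find("saml:Conditions", namespaces=SAML_NS)
    if cond is None:
        return False, "missing Conditions", None

    # Validity window with a small clock-skew allowance in both directions.
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and now + skew < parse_saml_time(not_before):
        return False, "assertion not yet valid", None
    if not_on_or_after and now - skew >= parse_saml_time(not_on_or_after):
        return False, "assertion expired", None

    # Audience must name this service; a token minted for another relying
    # party must not be accepted here.
    audiences = [a.text for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        return False, "audience mismatch", None

    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    if not name_id:
        return False, "missing NameID", None
    return True, "ok", name_id


if __name__ == "__main__":
    # Evaluate the sample at a fixed instant inside its validity window.
    at = datetime(2017, 8, 18, 12, 0, tzinfo=timezone.utc)
    print(check_assertion(SAMPLE_ASSERTION,
                          "http://adfs.example.invalid/adfs/services/trust",
                          "https://api.example.invalid/mobile", now=at))
```

When the assertion fails any of these checks the web service should answer 401, which is exactly the point at which the app described in the post sends the user back to the ADFS login page; a password change invalidates the session on the ADFS side, so the stale token is rejected there rather than by guesswork in the app.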