angularjs - How to use SAML authentication in a mobile application? -

-

i'm trying understand how saml authentication flow work in mobile environment client (angularjs based), api server (node & passport based), , idp exist on different domains.

from i've gathered general practice have server return 401 client if there's no authentication present (i.e. client didn't include bearer token in request). client understands 401 response indicates open login endpoint on server. when login endpoint opened makes passport call auth provider (which redirects user auth provider's site) , supplies callback url. when user authenticates, auth provider redirects provided callback url, allows server retrieve information auth provider's response , construct token of sort (e.g. jwt) can used client (i.e. included in headers) when making rest calls identify itself.

my question is: how client token server? because we're in redirect-based authentication flow, can't return token callback function; display token in browser without handing off of client. server issue 302 redirect pointing client domain , include authentication token in header? maybe should not redirect client server in first place , instead window.open() , use window.opener.postmessage or old fashioned/mobile-unfriendly?

this question talks authentication against saml idp, i'm interested in getting more details last bullet point , how work angularjs-based client.

many examples i've seen online either single domain using oauth/saml (passport-saml-example), avoids issue of having client exist on separate domain, or use 2 domains basic authentication, avoids issue of redirecting third party authentication, i'm having trouble finding examples uses bits , pieces i'm trying work with.

this blog post seems close i'm trying accomplish (see googlesignincallback) , uses 302 redirect imagined solution relies on explicitly knowing client url redirect to, seems problematic if wanted support multiple client types (i.e. native applications) in future.

eventually able work solution having application open browser window (cordova's inappbrowser) saml-enabled application, have application complete normal saml flow, , saml-enabled application generated jwt. mobile application able extract jwt string browser window inappbrowser's executescript functionality. pass jwt string along api server, able validate jwt signed , trusted.

after implemented solution saw there similar functionality available on github:

https://github.com/feedhenry-templates/saml-service

https://github.com/feedhenry-templates/saml-cloud-app

https://github.com/feedhenry-templates/saml-cordova-app

hopefully helps else trying deal issue!


Comments

Post a Comment

Popular posts from this blog

python - No exponential form of the z-axis in matplotlib-3D-plots -

-
Image
i have similar problem described in how prevent numbers being changed exponential form in python matplotlib figure : i don't want (in special case) weird scientific formatting of axis. problem different have problem @ z -axis. 2-d plots can use ax.get_yaxis().get_major_formatter().set_useoffset(false) . , there no function ax.get_zaxis() what use format z -axis same way? edit: example: from mpl_toolkits.mplot3d import axes3d import numpy np import sys import matplotlib import matplotlib.pyplot pyplot def func(xi, ti): res = 10e3 + np.cos(ti) * np.sin(xi) return res if __name__ == '__main__': timespacing = 20 timestart = 0 timeend = 1 time = np.linspace(timestart, timeend, timespacing) widthspacing = 50 widthstart = 0 widthend = 3 width = np.linspace(widthstart, widthend, widthspacing) reslist = [] matplotlib.rcparams['legend.fontsize'] = 10 fig = pyplot.figure() ax = fig.gca(projection = '3d...
Read more

php - Best Light server (Linux + Web server + Database) for Raspberry Pi -

-
i install web server database on raspberry pi (little computer). computer has 1gb ram. i want know best combination: linux distribution , web server , dbms run local server multiple users minimal latency, use php on server. , best settings performance , not have bugs (memory usage, disable plugin, disable service, etc)? i thought light debian , lighttpd server , sqlite database. solution? i think lighttpd + sqlite great choice. linux distro, debian @ centos or tiny core linux , although i'm not sure of compatibility pi. obviously, can't go wrong raspbian if want use in production , more stable performance, few more pi's , set them in cluster .
Read more

c# - "Newtonsoft.Json.JsonSerializationException unable to find constructor to use for types" error when deserializing class -

-
i developing app in xamarin android. have splash screen serialize class , pass mainactivity using intent . when try deserialize in mainactivity error message : "serializationexception unable find constructor use types" serialization : void loaddata() { currency currency = new currency(this); intent = new intent(this, typeof(mainactivity)); intent.putextra("currency", newtonsoft.json.jsonconvert.serializeobject(currency)); startactivity(intent); } deserialization : cur = newtonsoft.json.jsonconvert.deserializeobject<currency> (intent.getstringextra("currency")); // error here class constructor : public currency(context context) { thiscontext = context; } i began experiencing problem after added parameter context context constructor. has caused this? how can solve it? possible serialize/deserialize class has parameters? you need have empty constructor in currency class in order deserialize it. ...
Read more