search

owncloud / android

:phone: The ownCloud Android App
GNU General Public License v2.0
3.84k stars 3.05k forks source link

Federated Authentication error: "Cannot authenticate against this server" #907

Closed brunnomoreira closed 8 years ago

brunnomoreira commented 9 years ago

Hello,

I'm trying to access a OC server through a federated infrastructure. When trying to connect to a server at the following address: https://cana.imd.ufrn.br/oc-shib

I get the following error message of the app: "Cannot authenticate against this server"

Accessing through a browser is all normal. As well as in the desktop client that shows the page to choose the Idp and , since the IDP is selected, your login page appears , once authenticated I have access to my files.

The problem is access through the android client. Analyzing the source code, I note that The mAuthTokenType variable in AuthenticatorActivity class is definied for "owncloud.password", but the authentication method identified is SAML_WEB_SSO. So the authSupported method (in line 1065) returns false, generating the message "auth_can_not_auth_against_server".

On the other hand.

When the auth_method_saml_web_sso(in steup.xml) is definied to "on", the mAuthTokenType value is definied to "owncloud.saml.web_sso.session_cookie". Thus the app shows only the server url field, and when I input the url, a webView dialog is shown, loading the page to the IDP choosing page.
But when I interact with it, it crashes and the application returns to the initial screen.

Apparently the value of mAuthTokenType is definied during startup(line 219) and is no longer modified. Even when the authentication method identified is the SAML_WEB_SSO.

Why is this happening? federated authentication is actually supported by app?

Any help would be much appreciated. Thank you.

davivel commented 8 years ago

@brunno18 , in the regular Android app authentication via SAML SSO is not supported - it's disabled. You'll need to ask your server provider for a customized version of the app with the authentication enabled.

As an alternative, you can build the app by yourself. To enable the feature you only need to change the value of the property "auth_method_saml_web_sso" to on in the file res/values/setup.xml.

It's very probable that in the short term the regular version of the app adapts the login UI depending on the authentication method used by the server, but at the moment there is no other option.