Open jhaar opened 11 years ago
Not following standards is always a bad idea.
For those scenarios people recommend using a mix of SAML and OAuth2: http://wiki.developerforce.com/page/Single_Sign-On_for_Desktop_and_Mobile_Applications_using_SAML_and_OAuth
If we want to support SAML on an Android platform, we could use this JavaScript OAuth library + PhoneGap: https://github.com/andreassolberg/jso
Unfortunately I do this development in my spare time and now I am focused on providing SAML support to other open source software.
Thanks for the links, I'm giving them a read. I think "Delegated Authentication Based Single Sign-On" is what I'm talking about :-)
Hi there
Now that I have SAML working, I now realise it "only" works from web browsers - not the Windows/Mac/phone apps. There are two ways that could be solved: one is to update all the client software to be able to support SAML, and the other is to "forge" SAML by doing it from the server, i.e. you send your SAML creds in the standard login form, and new code does a "SAML login" into the IdP, records (statefully) how long the returned token is valid for, and then that username/password pair (via a hash of course) is compared against the cache for the lifetime of the token. I know that 100% violates SAML design - but if you are running ownCloud for your own IdP organization, it really isn't increasing risk(?)
Just a thought :-)
Jason
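
The server-side cache described in the post above, as an added example that is not part of the thread and is not ownCloud code. It assumes a hypothetical `idp_login` callback that performs the server's login to the IdP and returns the token expiry; the class name, PBKDF2 parameters and demo account are also assumptions.

```python
import hashlib
import hmac
import os
import time


class DelegatedLoginCache:
    """Password verifiers cached only for the lifetime of the IdP-issued token."""

    def __init__(self, idp_login, clock=time.time):
        # idp_login(username, password) -> token expiry as epoch seconds, or
        # None on failure. Hypothetical callback standing in for the
        # server-side "SAML login" to the IdP; not an ownCloud API.
        self._idp_login = idp_login
        self._clock = clock
        self._entries = {}  # username -> (salt, verifier, expires_at)

    @staticmethod
    def _derive(password, salt):
        # Salted, slow hash: a dump of the cache does not yield passwords directly.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def authenticate(self, username, password):
        now = self._clock()
        entry = self._entries.get(username)
        if entry is not None and entry[2] <= now:
            del self._entries[username]  # token lifetime over: forget the verifier
            entry = None
        if entry is not None:
            salt, verifier, _ = entry
            if hmac.compare_digest(verifier, self._derive(password, salt)):
                return True  # cache hit, IdP not contacted
        # Cache miss or mismatch: the IdP decides.
        expires_at = self._idp_login(username, password)
        if expires_at is None or expires_at <= now:
            return False
        salt = os.urandom(16)
        self._entries[username] = (salt, self._derive(password, salt), expires_at)
        return True


if __name__ == "__main__":
    # Constructed demo: a fake IdP that accepts one account for 300 seconds.
    def fake_idp(user, pw):
        return time.time() + 300 if (user, pw) == ("alice", "s3cret") else None

    cache = DelegatedLoginCache(fake_idp)
    print(cache.authenticate("alice", "s3cret"))  # first login goes to the IdP
    print(cache.authenticate("alice", "s3cret"))  # second is answered from the cache
    print(cache.authenticate("alice", "wrong"))   # mismatch is re-checked at the IdP
```

Until a cached entry expires, the old password keeps working even if it has been changed or the account disabled at the IdP, and the server handles the user's IdP password directly; both follow from the design rather than from this code.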