<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">If you’re able to use OpenID Connect, this should be easy.<div class=""><br class=""></div><div class="">Create a client in Keycloak for your native iOS App. Use offline tokens. Register your redirect scheme with Keycloak as <a href="myapp://foo" class="">myapp://foo</a> or whatever makes sense. If the user is logged into the mobile app, on first redirect to the native client, user shouldn’t see the login screen since they’re already logged in. Your App will get an offline token. This way, if the user enters the iOS app directly again - even days later - they’ll already be logged in via the offline token.</div><div class=""><br class=""></div><div class="">I don’t think you need any changes in Keycloak to support this flow.</div><div class=""><br class=""></div><div class="">Best,</div><div class="">Scott</div><div class=""><br class=""></div><div class=""><br class=""><div apple-content-edited="true" class="">
<div class="">Scott Rossillo</div><div class="">Smartling | Senior Software Engineer</div><div class=""><a href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div><div class=""><br class=""></div><div class=""><span style="color: rgb(169, 169, 169); font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255);" class=""></span><div id="watermark" style="box-sizing: border-box; color: rgb(169, 169, 169); font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255);" class=""><a href="http://www.sigstr.com/" style="box-sizing: border-box; color: rgb(0, 124, 194); text-decoration: none; background-color: transparent; outline: 0px !important;" class=""><img alt="Powered by Sigstr" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/watermark" style="box-sizing: border-box; border: 0px; vertical-align: top; max-width: 100%; height: auto; width: inherit; color: rgb(99, 99, 99); font-family: Helvetica; font-size: 11px;" class=""></a></div></div>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Nov 26, 2015, at 6:26 AM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org" class="">bruno@abstractj.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Months ago we had such requirement for FeedHenry. The fact, is that SAML 2.0 is not mobile friendly, due to the multiple redirects between SP, IdP and the Web Browser.<div class=""><br class=""></div><div class=""><div class=""><br class=""></div><div class="">The best you can do, like already mentioned by Stian is to make use of OpenID or make use of Webviews. But with Webviews, you have to deal with the annoying login prompt every time.</div><div class=""><br class=""></div><div class="">If you are interested about the work on it, take a look at: </div><div class=""><br class=""></div><div class=""><a href="https://github.com/feedhenry-templates?utf8=%E2%9C%93&query=saml" class="">https://github.com/feedhenry-templates?utf8=%E2%9C%93&query=saml</a></div><div class=""><br class=""></div><div class="">I hope it helps.</div><div class=""><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Thu, Nov 26, 2015 at 3:48 AM <<a href="mailto:Joseph.George@finantix.com" class="">Joseph.George@finantix.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear All<br class="">
<br class="">
we have a situation where users have applications both html5 based web and<br class="">
also native iOS apps accessing from iPads<br class="">
<br class="">
The requirement is that users access the web based application within a<br class="">
iPad, which will be redirected to Keyclock IDP server for login.<br class="">
Once user logins, next time, if the same user just tap on the native app<br class="">
within the same device, it should not again prompt for userid/password,<br class="">
rather SSO takes care of it<br class="">
<br class="">
We need to design so that users can toggle back and forth among mobile<br class="">
browser apps and mobile apps.<br class="">
This is ideal for agents, sales reps, who to need to switch quickly among<br class="">
programs while on the go.,<br class="">
<br class="">
Would like to know - is this something KeyCloak with SAML 2.0 supports out<br class="">
of the box please?<br class="">
<br class="">
Thanks and Regards<br class="">
Joseph<br class="">
<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br class="">
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank" class="">keycloak-user@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br class="">
</blockquote></div></div></div></div>
_______________________________________________<br class="">keycloak-user mailing list<br class=""><a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</div></blockquote></div><br class=""></div></body></html>