6:48 a.m.
Dear All
we have a situation where users have applications both html5 based web and
also native iOS apps accessing from iPads
The requirement is that users access the web based application within a
iPad, which will be redirected to Keyclock IDP server for login.
Once user logins, next time, if the same user just tap on the native app
within the same device, it should not again prompt for userid/password,
rather SSO takes care of it
We need to design so that users can toggle back and forth among mobile
browser apps and mobile apps.
This is ideal for agents, sales reps, who to need to switch quickly among
programs while on the go.,
Would like to know - is this something KeyCloak with SAML 2.0 supports out
of the box please?
Thanks and Regards
Joseph
8:53 a.m.
New subject: Mobile SSO - web brower+ native iOS
Hi,
For native mobile integration with Keycloak you should look at AeroGear (
aerogear.org). We don't have the experience on our team to develop native
mobile integration.
Does it have to be SAMLv2 though? OpenID Connect is better designed for
html5 and mobile use cases.
On 26 November 2015 at 06:48, <Joseph.George(a)finantix.com> wrote:
Dear All
we have a situation where users have applications both html5 based web and
also native iOS apps accessing from iPads
The requirement is that users access the web based application within a
iPad, which will be redirected to Keyclock IDP server for login.
Once user logins, next time, if the same user just tap on the native app
within the same device, it should not again prompt for userid/password,
rather SSO takes care of it
We need to design so that users can toggle back and forth among mobile
browser apps and mobile apps.
This is ideal for agents, sales reps, who to need to switch quickly among
programs while on the go.,
Would like to know - is this something KeyCloak with SAML 2.0 supports out
of the box please?
Thanks and Regards
Joseph
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
12:26 p.m.
New subject: Mobile SSO - web brower+ native iOS
Months ago we had such requirement for FeedHenry. The fact, is that SAML
2.0 is not mobile friendly, due to the multiple redirects between SP, IdP
and the Web Browser.
The best you can do, like already mentioned by Stian is to make use of
OpenID or make use of Webviews. But with Webviews, you have to deal with
the annoying login prompt every time.
If you are interested about the work on it, take a look at:
https://github.com/feedhenry-templates?utf8=%E2%9C%93&query=saml
I hope it helps.
On Thu, Nov 26, 2015 at 3:48 AM <Joseph.George(a)finantix.com> wrote:
Dear All
we have a situation where users have applications both html5 based web and
also native iOS apps accessing from iPads
The requirement is that users access the web based application within a
iPad, which will be redirected to Keyclock IDP server for login.
Once user logins, next time, if the same user just tap on the native app
within the same device, it should not again prompt for userid/password,
rather SSO takes care of it
We need to design so that users can toggle back and forth among mobile
browser apps and mobile apps.
This is ideal for agents, sales reps, who to need to switch quickly among
programs while on the go.,
Would like to know - is this something KeyCloak with SAML 2.0 supports out
of the box please?
Thanks and Regards
Joseph
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1:22 a.m.
New subject: Mobile SSO - web brower+ native iOS
If you’re able to use OpenID Connect, this should be easy.
Create a client in Keycloak for your native iOS App. Use offline tokens. Register your
redirect scheme with Keycloak as myapp://foo or whatever makes sense. If the user is
logged into the mobile app, on first redirect to the native client, user shouldn’t see the
login screen since they’re already logged in. Your App will get an offline token. This
way, if the user enters the iOS app directly again - even days later - they’ll already be
logged in via the offline token.
I don’t think you need any changes in Keycloak to support this flow.
Best,
Scott
Scott Rossillo
Smartling | Senior Software Engineer
srossillo(a)smartling.com
<http://www.sigstr.com/>
On Nov 26, 2015, at 6:26 AM, Bruno Oliveira
<bruno(a)abstractj.org> wrote:
Months ago we had such requirement for FeedHenry. The fact, is that SAML 2.0 is not
mobile friendly, due to the multiple redirects between SP, IdP and the Web Browser.
The best you can do, like already mentioned by Stian is to make use of OpenID or make use
of Webviews. But with Webviews, you have to deal with the annoying login prompt every
time.
If you are interested about the work on it, take a look at:
https://github.com/feedhenry-templates?utf8=%E2%9C%93&query=saml
<https://github.com/feedhenry-templates?utf8=%E2%9C%93&query=saml>
I hope it helps.
On Thu, Nov 26, 2015 at 3:48 AM <Joseph.George(a)finantix.com
<mailto:Joseph.George@finantix.com>> wrote:
Dear All
we have a situation where users have applications both html5 based web and
also native iOS apps accessing from iPads
The requirement is that users access the web based application within a
iPad, which will be redirected to Keyclock IDP server for login.
Once user logins, next time, if the same user just tap on the native app
within the same device, it should not again prompt for userid/password,
rather SSO takes care of it
We need to design so that users can toggle back and forth among mobile
browser apps and mobile apps.
This is ideal for agents, sales reps, who to need to switch quickly among
programs while on the go.,
Would like to know - is this something KeyCloak with SAML 2.0 supports out
of the box please?
Thanks and Regards
Joseph
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3070
days inactive
3074
days old
3 comments
4 participants
participants (4)
-
Bruno Oliveira -
Joseph.George@finantix.com -
Scott Rossillo -
Stian Thorgersen