I'm working on a project which needs to parse some data from some protected web pages. In order to gain the access those pages, I have to overcome a SAML authetication form (Shibboleth). Is there someone who was able to implement this standard in Android (Java)? I already read this thread: SAML Client implementation for Android? but it doesn't give me a good solution. In fact, I need to get the data of some protected web pages in order to parse it, not to let the user to see the content of such pages. Therefore logging in through a WebView is not what I really need..
I think OpenSAML is your best bet for handling the SAML part and then maybe HttpClient for the things you normally will do in a browser. But there will be quite som work implementing this. There is nothing lightweight about SAML.
OpenSAML is just a library helping with processing of SAML messages so it is probably good for very customised stuff like this.
After some research, I ended up building it on my own. I carefully followed every redirect, and took note of every cookie created, edited or deleted (Opera, with its in-built option which allows to switch off redirects was the key). The result was a flow which then I replicated in a package ad hoc: the SetUpConnection class, whose task was connecting to the host and keeping track of the cookies. SAML class, which replicated the SAML flow, and finally the Main class, from which I can gather useful information.
Hope it helps.
来源:https://stackoverflow.com/questions/15254216/saml-client-for-android