Is there a sample application which I can refer for SAML interactions on Android? Anyone successfully ported/used OpenSAML on Android ?
I am trying to write a simple app which would (instead of browser redirection) use native APIs to carry out SAML authentication.
Also some pointers to test environment where I can test SAML clients would help.
If you need to authenticate your mobile app users against a SAML 2.0 IDP, then you would NOT build this into Android (or iOS). Best practice would be to have your mobile app use OAuthv2 and exchange a SAML Response generated by the IDP for your local SP/AS OAuth token. Essentially, the application would launch the WebView browser w/in your application to carry out the SAML Web SSO profile which would result in your AS giving your mobile app an OAuth token. It's not required to use OAuth in this type of scenario, but it will add security & standard support to your mobile application.
Ping Identity [Note: I do work for Ping] has done a ton of work to make SAML/OAuth quick and easy for SaaS Providers to implement (over 250 SaaS Providers and growing). Check out https://www.pingidentity.com/products/pingfederate/secure-mobile-access.cfm
HTH =- Ian
来源:https://stackoverflow.com/questions/11929158/saml-client-implementation-for-android