Layer7 API Management

  • 1.  Integration with Central Authentication Service SSO question

    Posted Sep 08, 2016 11:14 PM

    How to do a single sign-on from mobile app to mobile browser?

    Customer has a Central Authentication Service (CAS) web single sign-on solution.

    When the end user opens the mobile app, enters ID/PW, then clicks a URL link in the mobile app, the mobile app brings up the mobile browser, and the end user enters ID/PW in the browser again.

    How can API Gateway or Mobile API Gateway get the Central Authentication Service (CAS) token/ticket?



  • 2.  Re: Integration with Central Authentication Service SSO question

    Broadcom Employee
    Posted Sep 16, 2016 06:01 PM

    Jerry,

     

    Good afternoon. To help you out with this, would you provide me the way that you will obtain a token from CAS? There are multiple ways, including REST calls (CAS - CAS REST Protocol), SOAP calls, or web form posts.

     

    Sincerely,

     

    Stephen Hughes
    Director, CA Support



  • 3.  Re: Integration with Central Authentication Service SSO question

    Posted Sep 17, 2016 08:56 AM

    Hi Stephen,

    If I can obtain and extract the CAS Service token in the API Gateway,

    when I open the WebView from the native app, how can I bring the service token to the WebView without the MAG SDK?



  • 4.  Re: Integration with Central Authentication Service SSO question

    Broadcom Employee
    Posted Sep 22, 2016 03:39 PM

    Jerry,

     

    Feedback I received from our internal teams:

    Mobile apps can leverage browser session cookies / token by using Safari View Controller (SFViewController) in iOS or Chrome Tabs in Android instead of a normal WebView.

    The flow doesn’t change much and Safari and Chrome will reuse existing and valid cookies / token to perform SSO.

     

    More info here : https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03

     

    4.  Overview

    At the time of writing, many native apps are still using web-views, a type of embedded user-agent, for OAuth. That approach has multiple drawbacks, including the client app being able to eavesdrop user credentials, and is a suboptimal user experience as the authentication session can't be shared, and users need to sign-in to each app separately.

    OAuth flows between a native app and the system browser (or another external user-agent) are more secure, and take advantage of the shared authentication state to enable single sign-on.

    Inter-process communication, such as OAuth flows between a native app and the system browser can be achieved through URI-based communication. As this is exactly how OAuth works for web-based OAuth flows between RP and IDP websites, OAuth can be used for native app auth with very little modification.

     

     

    and here: https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

     

    Or here: https://developer.pingidentity.com/en/resources/napps-native-app-sso.html

     

    Notice: Currently our Mobile SDKs are still using Webview and will not be able to leverage this feature. We will be adding this solution in later releases.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support
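
The URI-based handoff described in the quoted draft text, as an added example that is not part of the original post or of any CA/Broadcom SDK. It shows the app-side logic in Python rather than platform code: build the request the system browser opens, then validate the redirect handed back to the app. The endpoint, client ID and redirect URI are assumed values, and an OAuth authorization-code flow with a custom-scheme redirect is assumed.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for illustration; none of them come from the thread.
AUTHZ_ENDPOINT = "https://idp.example.com/oauth/authorize"
CLIENT_ID = "example-mobile-app"
REDIRECT_URI = "com.example.app:/oauth2redirect"  # custom scheme owned by the app


def build_authorization_request():
    """Return (url, state). The app opens url in the system browser tab,
    where an existing SSO session cookie can be reused."""
    state = secrets.token_urlsafe(32)  # unguessable, tied to this attempt
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHZ_ENDPOINT}?{query}", state


def handle_redirect(callback_uri, expected_state):
    """Validate the URI delivered back to the app and return the code."""
    got, want = urlsplit(callback_uri), urlsplit(REDIRECT_URI)
    # Only accept callbacks on the exact redirect URI that was registered.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state, code = params.get("state", []), params.get("code", [])
    # Duplicated or missing parameters are treated as a malformed response.
    if len(state) != 1 or len(code) != 1:
        raise ValueError("expected exactly one state and one code parameter")
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(state[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    return code[0]  # exchanged for tokens at the token endpoint (not shown)


if __name__ == "__main__":
    url, state = build_authorization_request()
    print("open in system browser:", url)
    # Constructed callback, as the browser would deliver it to the app.
    print("code:", handle_redirect(f"{REDIRECT_URI}?code=abc123&state={state}", state))
```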



  • 5.  Re: Integration with Central Authentication Service SSO question

    Posted Dec 04, 2018 10:23 AM

    Greetings,

     

      Two years have passed after the first post.

     

      Regarding Integration with Central Authentication Service, does anyone know if we have an update on this scenario (MAG SDK with CAS Authentication)?