Mobile SSO - web browser + native iOS

jeffpower78
We have a situation where users have applications, both HTML5-based web and
also native iOS apps, accessing from iPads.

The requirement is that users access the web-based application within an
iPad, which will be redirected to a central server for login.
Once the user logs in, next time, if the same user just taps on the native app
within the same device, it should not prompt again for userid/password;
rather, SSO takes care of it.

We need to design it so that users can toggle back and forth among mobile
browser apps and mobile apps.
This is ideal for agents and sales reps, who need to switch quickly among
programs while on the go.

Would like to know - is this something AeroGear security supports, please, or any suggestion or advice?

Thanks and Regards
Jeff
Re: [Aerogear-users] Mobile SSO - web browser + native iOS

Matthias Wessendorf
Hi Jeff,

Sorry for the late response, but did you check out the Keycloak project? The AeroGear team did OAuth2 libs for Keycloak, as described here:

Keycloak itself also has support for web apps (e.g. the UPS is protected by it).

HTH,
Matthias

On Fri, Nov 27, 2015 at 11:49 AM, jeffpower78 <[hidden email]> wrote:
> We have a situation where users have applications, both HTML5-based web and
> also native iOS apps, accessing from iPads.
>
> The requirement is that users access the web-based application within an
> iPad, which will be redirected to a central server for login.
> Once the user logs in, next time, if the same user just taps on the native app
> within the same device, it should not prompt again for userid/password;
> rather, SSO takes care of it.
>
> We need to design it so that users can toggle back and forth among mobile
> browser apps and mobile apps.
> This is ideal for agents and sales reps, who need to switch quickly among
> programs while on the go.
>
> Would like to know - is this something AeroGear security supports, please, or
> any suggestion or advice?
>
> Thanks and Regards
> Jeff



Re: [Aerogear-users] Mobile SSO - web browser + native iOS

Corinne Krych
Hi Jeff

To share OAuth2 tokens between a Cordova app and an iOS native app on the same mobile, I'd use the Keychain sharing mechanism. I wrote a blog about Keychain sharing between an iOS mobile app and its extension [1]. The idea is similar here.

I think more work is needed on the push plugin to make it more extendable and allow the generation of the required Entitlements.plist file [2]. @Erik can talk more about it, and obviously PRs are welcome.

Last but not least, for security reasons, Keychain sharing is allowed only between apps signed by the same organisation.

++
Corinne

On 3 December 2015 at 09:07, Matthias Wessendorf <[hidden email]> wrote:
> Hi Jeff,
>
> Sorry for the late response, but did you check out the Keycloak project? The AeroGear team did OAuth2 libs for Keycloak, as described here:
>
> Keycloak itself also has support for web apps (e.g. the UPS is protected by it).
>
> HTH,
> Matthias

Re: [Aerogear-users] Mobile SSO - web browser + native iOS

Erik Jan de Wit
Hi Jeff,

Right, so Cordova uses the OAuth2 Swift code directly, so the changes made to the cookbook to allow sharing of the Keychain could also be applied to the Cordova plugin.

And like Corinne already mentioned, it would be nice if this was a feature that one could easily enable. Could you create a feature request for it?
 

On Thu, Dec 3, 2015 at 9:46 AM, Corinne Krych <[hidden email]> wrote:
> Hi Jeff
>
> To share OAuth2 tokens between a Cordova app and an iOS native app on the same mobile, I'd use the Keychain sharing mechanism. I wrote a blog about Keychain sharing between an iOS mobile app and its extension [1]. The idea is similar here.
>
> I think more work is needed on the push plugin to make it more extendable and allow the generation of the required Entitlements.plist file [2]. @Erik can talk more about it, and obviously PRs are welcome.
>
> Last but not least, for security reasons, Keychain sharing is allowed only between apps signed by the same organisation.
>
> ++
> Corinne

--
Cheers,
       Erik Jan
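
The Keychain sharing approach discussed in the replies above, sketched with Apple's Security framework as an added example (it is not part of the thread and not AeroGear's own code). The team prefix, access group and service name are placeholders; the same group must also be listed under `keychain-access-groups` in the entitlements of both apps.

```swift
import Foundation
import Security

// Placeholders (assumptions): "<TEAMID>" stands for the signing team's App ID prefix.
// Both apps must be signed by that team and declare this group in their
// entitlements, otherwise SecItem calls fail with errSecMissingEntitlement.
let sharedGroup = "<TEAMID>.com.example.sso"
let service = "com.example.sso.oauth2"

struct KeychainError: Error { let status: OSStatus }

// Attributes that identify the shared item; used by every operation below.
func baseQuery(account: String) -> [String: Any] {
    return [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecAttrAccessGroup as String: sharedGroup
    ]
}

/// Store (or replace) a token so the other app in the group can read it.
func saveToken(_ token: String, account: String) throws {
    let query = baseQuery(account: account)
    SecItemDelete(query as CFDictionary)  // a missing item is not an error here
    var attrs = query
    attrs[kSecValueData as String] = Data(token.utf8)
    // Readable only while unlocked, never migrated to backups or other devices.
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError(status: status) }
}

/// Returns nil when no token has been shared yet, so the caller starts a login.
func loadToken(account: String) throws -> String? {
    var query = baseQuery(account: account)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess, let data = item as? Data else {
        throw KeychainError(status: status)
    }
    return String(data: data, encoding: .utf8)
}

/// Call on logout from either app so the sibling app loses the session too.
func clearToken(account: String) {
    SecItemDelete(baseQuery(account: account) as CFDictionary)
}
```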
