feature request: SAML support in client apps #3

Open
jhaar opened this issue Nov 22, 2012 · 2 comments


jhaar commented Nov 22, 2012

Hi there

Now that I have SAML working, I now realise it "only" works from web browsers - not the Windows/Mac/phone apps. There are two ways that could be solved: one is to update all the client software to be able to support SAML, and the other is to "forge" SAML by doing it from the server, i.e. you send your SAML creds in the standard login form, and new code does a "SAML login" into the IdP, records (statefully) how long the returned token is valid for, and then that username/password pair (via a hash of course) is compared against the cache for the lifetime of the token. I know that 100% violates SAML design - but if you are running ownCloud for your own IdP organization, it really isn't increasing risk(?)

Just a thought :-)

Jason

Owner

pitbulk commented Nov 23, 2012

Not following standards is always a bad idea.

For those scenarios people recommend using a mix of SAML and OAuth2:
http://wiki.developerforce.com/page/Single_Sign-On_for_Desktop_and_Mobile_Applications_using_SAML_and_OAuth

If we want to support SAML on an Android platform, we could use this JavaScript OAuth library + PhoneGap:
https://github.com/andreassolberg/jso

Unfortunately I do this development in my spare time and now I am focused on providing SAML support to other open source software.

Author

jhaar commented Nov 23, 2012

Thanks for the links, I'm giving them a read. I think "Delegated Authentication Based Single Sign-On" is what I'm talking about :-)
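
The server-side credential cache proposed in the first comment, as an added example that is not part of this thread or of the project's code. `DelegatedAuthCache`, `idp_login` and the PBKDF2 parameters are hypothetical names and assumed choices; `idp_login` stands in for whatever performs the login against the IdP and returns the token lifetime in seconds.

```python
import hashlib
import hmac
import os
import time


class DelegatedAuthCache:
    """Caches a salted password hash for the lifetime of the IdP token."""

    def __init__(self, idp_login, clock=time.time):
        # idp_login(username, password) -> token lifetime in seconds, or
        # None when the IdP rejects the login (hypothetical callable).
        self._idp_login = idp_login
        self._clock = clock
        self._entries = {}  # username -> (salt, digest, expires_at)

    @staticmethod
    def _digest(password, salt):
        # Slow, salted KDF so a leaked cache is not a list of fast hashes.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def authenticate(self, username, password):
        now = self._clock()
        entry = self._entries.get(username)
        if entry is not None:
            salt, digest, expires_at = entry
            if now >= expires_at:
                del self._entries[username]  # token expired: forget the hash
            elif hmac.compare_digest(digest, self._digest(password, salt)):
                return True  # cache hit inside the token lifetime
        # Cache miss, expiry, or a non-matching password: ask the IdP again.
        lifetime = self._idp_login(username, password)
        if lifetime is None or lifetime <= 0:
            return False
        salt = os.urandom(16)
        self._entries[username] = (
            salt, self._digest(password, salt), now + lifetime)
        return True

    def revoke(self, username):
        # Needed on logout or account disable: the IdP cannot reach this cache.
        self._entries.pop(username, None)
```

A cached entry stays valid until it expires or is revoked locally, so a password change or account lock at the IdP is not seen by this server during that window.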
