Cordova SSO Login

4 posts, 0 answers
  1. Crish
    Crish avatar
    2 posts
    Member since:
    Mar 2016

    Posted 09 Mar Link to this post

    I'm quite new to Apache Cordova, as a matter of fact hated java script but of late owing to my karma fell on this part of the world.

    My Problem - My organisation has a SSO login URL .aspx page which needs to be called in my Cordova app and login credentials to be sent to authenticate the user, on successful completion a session is returned using which the protected api's can be accessed.

    Now I’m unsure how I call the external page -

    1) Do I use the InAppbrowser - calling is easy but how would I capture the session.

    2) I cannot call the sso url in my stateprovider

    I'm literally struck.

    Please can you kindly advise in this regard.
  2. Anton Dobrev
    Admin
    Anton Dobrev avatar
    539 posts

    Posted 14 Mar Link to this post

    Hi Crish,

    Thanks for posting to the Telerik Developer Forums.

    Usually with ASPX pages running on your server and returning a cookie to the browser you have the solution for web browsers. In a Cordova app, however, cookies are not supported and you may consider implementing another mechanism.

    The easiest solution appears to be to create a Web API authentication service (re-using the ASP.NET identity management) that returns an access token if the username and password are successfully validated. This token is subsequently sent by the mobile app to the server to present the user authorization to access server resources.

    To call this service from the client mobile app, use a jQuery AJAX request. When you have the token, attach it in all subsequent requests as for example in the Authorization header, depends what format the server will recognize.

    You may also need to add additional validations in your server API to recognize the client authentication/authorization sent with a token.

    This post about Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2 may be helpful to further illustrate the above. The client code with jQuery should also be usable in a Cordova app.

    I hope that this helps.

    Regards,
    Anton Dobrev
    Telerik
     

    Visit the Telerik Verified Plugins Marketplace and get the custom Cordova plugin you need, already tweaked to work seamlessly with AppBuilder.

     
  3. Crish
    Crish avatar
    2 posts
    Member since:
    Mar 2016

    Posted 14 Mar in reply to Anton Dobrev Link to this post

    Hi Anton, Many thanks for your kind response. Much appreciated here.

    I'm quite new to to Cordova/Inappbrowser .I initially thought that  I can call my company SSO URL page written in .aspx, passing in credentials (username/password) and on successful authentication capture the  session/token sent by the SSO broker page.

    Now, I know that it is not possible to capture the session/tokens using in Cordova InAppbrowser.

    Let me have a study on the URL's that you have sent.

    Thanks,

    Samuel.

     

     

  4. Anton Dobrev
    Admin
    Anton Dobrev avatar
    539 posts

    Posted 17 Mar Link to this post

    Hi Crish,

    I apologize for not answering your question in regard the InAppBrowser usage.

    One example approach using it would be:

    - Open the SSO page of your organization in the InAppBrowser from the app
    - The page validates the credentials and redirects the browser to an address in your domain and concatenates the access token to the URL
    - The client app parses the access token from the URL and reuses it subsequently.

    For example:
    var ref; // will contain an instance of the InAppBrowser
     
    // open the InAppBrowser with the SSO page
    ref = window.open(authorize_url, '_blank', 'location=no');
     
    // subscribe for the corresponding events of the InAppBrowser
    ref.addEventListener('loadstop', function(event) {
        // handle the event here
    });
     
    ref.addEventListener('loaderror', function(event) {
        // handle the event here
    });
     
     
    ref.addEventListener('loadstart', function(event) {
        // handle the event here
    });

    You can read more about the InAppBrowser API here.

    Though the InAppBrowser approach may be also applicable, in my previous reply I was exemplifying the web services approach as a more flexible and modern way to add data and authentication to your mobile apps.

    I hope that this helps.

    Regards,
    Anton Dobrev
    Telerik
     

    Visit the Telerik Verified Plugins Marketplace and get the custom Cordova plugin you need, already tweaked to work seamlessly with AppBuilder.

     
Back to Top