CAS5.3, SSO between native Mobile App and Web App
117 views
Skip to first unread message
Yan Zhou
Apr 11, 2019, 4:52:32 PM4/11/19
to CAS Community
Hello,
Say, one webapp using CAS protocol to authenticate against CAS 5.3, another native mobile app uses OpenID Connect to authenticate.
When user gets into Mobile app, can he SSO to webapp?
Thx,
Yan
Andy Ng
Apr 11, 2019, 10:02:52 PM4/11/19
to CAS Community
Hi Yan,
We have built something like this before,
And the answer is: yes you can! When user login to webapp using CAS protocol, they can SSO to their native app.
However some implementation is needed, I can give you some information on this:
- So achieve this, you would want the native app to not use WebView to open browser, instead us Chrome Custom Tab for Android / Safari View Controller for iOS
- So achieve this, you would want the native app to not use WebView to open browser, instead us Chrome Custom Tab for Android / Safari View Controller for iOS
- it is quite complicated to setup the Chrome custom tab or Safari View Controller yourself, so I recommend using the AppAuth library (supported by Google) instead:
- AppAuth iOS: https://github.com/openid/AppAuth-iOS
- AppAuth iOS: https://github.com/openid/AppAuth-iOS
- AppAuth Android: https://github.com/openid/AppAuth-Android
- The behavior is like the below:
- When user login to your app, it will pop up a in-app browser inside the app (instead of redirecting to the outside browser / instead of using webview)
- When user login to your app, it will pop up a in-app browser inside the app (instead of redirecting to the outside browser / instead of using webview)
- Since user already login, CAS will redirect to the redirect_uri, so this screen will flash for a sec
- The in-app browser then will be closed, and AppAuth library will handle the rest of the login.
In the case where user it not login yet, CAS login screen will be shown, and the flow will be the same after user authenticate successfully
See if the above helps you.
Cheers!
- Andy
omatary
May 14, 2021, 11:26:38 AM5/14/21
to CAS Community, Andy Ng
Hi Andy,
I wonder if you have few minutes to talk about your integration?. At Rutgers , our Portal team is working on building a mobile app and they need to establish SSO with CAS so that users can access other applications without the need to re-authenticate .
If you are available , I will have one of my IdM and Portal engineers to talk to you . We are using CAS 5.3 .
My University email address is "oalm...@oit.rutgers.edu"
Much appreciated .
Regards,
Omer AlMatary
Andy Ng
May 14, 2021, 10:40:19 PM5/14/21
to CAS Community, omatary, Andy Ng
Hi Omer,
Thanks for reaching out, I do not mind sharing my experience. However if I am sharing anything related to CAS, I prefer to share it on this group so it can act as reference to all the members, not just particular teams :) So I instead of verbal discussion, I would like to be in text and share in here.
After looking back to the email conversation, I think I already said all the generic information about our mobile to web integration, which is the use of AppAuth and not use WebView. Maybe you have specific question you would like to ask? If so, you can put all question you would like to ask here, so me (and other member) can add our insight on the matter when we are free.
Cheers!
- Andy
P.S. CAS 5.3 is already EOL https://apereo.github.io/cas/developer/Maintenance-Policy.html#eol-schedule, i.e. if you encounter issue with CAS 5.3 it would not be fix. You should consider an upgrade to CAS 6.x asap.
Reply all
Reply to author
Forward
0 new messages