Mobile SSO with ADFS in any iOS or Android app

Adding ADFS SSO to Any Mobile App Without Coding

Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate ADFS SSO to any mobile app – instantly, no code or coding required.

Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on SAML, OAuth, OpenID Connect or any other authentication standard inside the app. The Appdome technology adds ADFS SSO and relevant standards, frameworks and more to the app automatically, with no manual development work at all. Using Appdome, mobile apps will use ADFS SSO to authenticate users as if ADFS SSO was natively coded to the app.

The following diagram illustrates the Single-Sign-On flow within the app when integrating ADFS as an Identity Provider (IdP):

1. The application sends a request to reach an unauthorized resource (protected by a gateway, AD, or the app server itself)
   (e.g. https://appservice.mycompany.com)
2. The server protecting the resource responds with 401 or 30X response since the request is not authorized
3. Appdome identifies the response for the protected resource and opens an internal Webview within the built App
4. The internal Webview is opened on the ADFS Hub URL
   (e.g. https://adfs.mycompany.com/adfs/ls/idpinitiatedsignon.aspx)
5. The user can now authenticate using any authentication method the hub URL requires, during the  authorization session, the cookies and authorization token are received
6. The Azure server redirects to the Success URI (e.g. https://successful-authentication-internal-url/portal.html) since the authorization succeeded.
7. Appdome identifies the successful URI redirect and closes the internal Webview, thus returning the view to the original app
8. Now, when the app tries to reach the protected resource, the authorization header or cookies are attached to the outgoing request. The gateway will trust these credentials and the app will reach the protected resource successfully.

In order to use Appdome’s no code implementation of ADFS SSO on Appdome, you’ll need:

• Appdome account – IDEAL or Higher.
• Mobile App (.ipa for iOS, or .apk or .aab for Android)
• ADFS Login (Hub) URL
• Authentication Successful URI
• Signing Credentials (e.g., signing certificates and provisioning profile)

How to Add ADFS SSO to Any Mobile App on Appdome

Follow these step-by-step instructions to add ADFS SSO to Any Mobile App:

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the “Build” tab, Add ADFS SSO

1. Click the Build tab
2. Click Authentication tab
3. Click + Add profile and Select Scheme from the dropdown: Microsoft Active Directory Federation Services (ADFS)
4. Type the ADFS Hub URL
5. Type the Authentication Successful URI
6. Type the Application Service URL Protected Resource
7. Click Build My App

Congratulations! You now have a mobile app fully integrated with ADFS SSO.

Building Custom ADFS SSO Workflows Inside Android and iOS Apps

Building Single Sign-On inside Android and iOS apps involves several significant considerations. Perhaps the most significant consideration is “where” and “when” the Single Sign-On workflow will take place inside the app. Usually, an SSO workflow is initiated at the start of a login sequence. In this use case, the client and the server are built to handle the basic authentication sequence (User –> launches app –> enters credentials –> credentials verified by the server –> user issued a token or cookie allowing access to the app).

But, what if the app developer hasn’t or doesn’t want to build the app to support basic authentication? Or, what if the app developer wants more than the username and password provided in the basic authentication workflow (e.g., access to user details available in new authentication methods)? In these cases, Appdome-Threat Events provide a framework to pass user details contained in an OpenID and SAML authentication response to the app developer. This framework allows new flexibility to create custom SSO workflows inside an app using industry-standard methods to retrieve and pass user details between authentication services and mobile apps.

ADFS authentication services usually connect on the backend to a store of user data and use SAML or OpenID to handle authentication requests. Using SAML and OpenID, applications have access to all the user and authentication details returned by the server backend (i.e. any data the backend implements).

Read this KB article to learn more.

After Adding ADFS SSO to a Mobile App on Appdome

After you have added ADFS SSO to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.

How Do I Learn More?

Check out Appdome for SSO+ blog or request a demo at any time. 

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.