Direct Broker is an SSO feature supplied by Appdome that secures the authentication communication. By adding the Direct Broker to your app, your app will block access to URLs outside the whitelisted domains during a Single Sign On (SSO) authentication process. This Knowledge Base article provides step-by-step instructions for using Appdome to add the Direct Broker enhancement to any Android and iOS mobile app.
We hope you find this knowledge base useful and enjoy using Appdome!
About No Code Direct Broker on Appdome
Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate the Direct Broker to any mobile app – instantly, no code or coding required.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes inside the app. The Appdome technology adds Direct Broker capabilities to the app automatically, with no manual development work at all.
Using Appdome, mobile apps can integrate SSO to authenticate users. On top of the SSO solution, Appdome’s Direct Broker adds security and blocks malicious attempts to redirect the communication to non-approved domains. Appdome’s enhancements are compatible with mobile apps built in any development environment, including native Android and iOS apps, hybrid apps, and non-native apps built in Xamarin, Cordova, React Native, Ionic and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of the Direct Broker identity and security enhancement to any mobile app.
Prerequisites for using Appdome’s Direct Broker
In order to use Appdome’s no code implementation of Direct Broker, you’ll need:
- Appdome account
- Mobile App (.ipa for iOS, or .apk for Android)
- An active configuration of Appdome for Single Sign-on. Please note the following information from your SSO provider:
- Initiate login URI (sometimes referred to as the Hub URI)
- Redirect URI (sometimes referred to as the Authentication successful URI)
- Client ID – the ID assigned to an app on the SSO provider
- List of domains allowed during the authentication process
If you do not know the exact domains normally accessed during the authentication process, you may be able to extract them by using a browser’s developer options on your computer. The following example extracts the domains used while authenticating, using the site https://demo.c2id.com/oidc-client/
- Open Chrome browser
- Make sure you are logged out of your SSO provider in Chrome
- Open https://demo.c2id.com/oidc-client/
  - If not using openid, just log into the Initiate login URI
- Under OpenID Connect 1.0 Client, in the Issuer box, enter the discovery URI for your SSO provider
  - If no discovery URI is available, enter the openid endpoints manually
- Under Client details enter:
  - Your app’s Client ID from the SSO provider
  - If client secret is required, change the Client authentication accordingly
  - If code exchange is required, change PKCE accordingly (Okta, for instance, uses S256 when PKCE is chosen for an app)
- Copy the Redirection URI from the box and configure it in your SSO provider for your app
- Under Authenticate end-user, select code as the Response type
- Click Log in with OpenID Connect
- Right click the opened window and click Inspect
- Select the Network Tab. Note: a blue underline will appear showing it is active
- Check the Preserve log and Disable cache checkboxes
- To the right of View, check Use small request rows
- Log in to the SSO provider
- In the Developer options, note the domains used for non-resource URLs
- Please note that the domain of your Initiate login URI and/or discovery URI will need to be whitelisted as well if not shown in the developer options
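The domain-extraction steps above can also be done offline from a saved capture. The following is an added example, not Appdome code: it assumes the Network tab log was exported as a HAR file, treats Chrome's `_resourceType` field (with a MIME-type fallback) as the marker for resource requests, and uses a constructed sample capture with placeholder `example` hosts.

```python
import json
from urllib.parse import urlsplit

# Chrome-specific "_resourceType" values treated as static resources (assumption).
RESOURCE_TYPES = {"image", "stylesheet", "script", "font", "media"}

# Constructed sample in HAR 1.2 shape; a real file comes from the Network tab export.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://demo.c2id.com/oidc-client/"}, "_resourceType": "document"},
    {"request": {"url": "https://sso.example.com/oauth2/v1/authorize?client_id=abc"},
     "_resourceType": "document"},
    {"request": {"url": "https://SSO.example.com:443/api/v1/authn"}, "_resourceType": "xhr"},
    {"request": {"url": "https://cdn.example.net/assets/login.css"},
     "_resourceType": "stylesheet"},
    {"request": {"url": "https://cdn.example.net/assets/logo.png"},
     "response": {"content": {"mimeType": "image/png"}}},
    {"request": {"url": "data:image/gif;base64,R0lGOD"}, "_resourceType": "image"},
]}})

def is_resource(entry):
    """True for static assets (images, CSS, scripts, fonts, media)."""
    rtype = entry.get("_resourceType")
    if rtype:
        return rtype in RESOURCE_TYPES
    # Fallback for HAR files without the Chrome-specific field.
    mime = entry.get("response", {}).get("content", {}).get("mimeType", "")
    static = ("image/", "font/", "text/css", "video/", "audio/")
    return mime.startswith(static) or "javascript" in mime

def auth_domains(har_text, required_uris=()):
    """Sorted hosts of non-resource requests, plus hosts of required URIs."""
    hosts = set()
    for entry in json.loads(har_text)["log"]["entries"]:
        parts = urlsplit(entry["request"]["url"])
        if parts.scheme in ("http", "https") and parts.hostname and not is_resource(entry):
            hosts.add(parts.hostname)  # .hostname is lowercased and has no port
    # The Initiate login / discovery URI hosts must be listed even if not captured.
    for uri in required_uris:
        host = urlsplit(uri).hostname
        if host:
            hosts.add(host)
    return sorted(hosts)

if __name__ == "__main__":
    discovery = "https://login.example.org/.well-known/openid-configuration"
    for domain in auth_domains(SAMPLE_HAR, [discovery]):
        print(domain)
```

Review the output before entering it as the approved domain list; hosts that belong only to the test client used for the capture appear in it too.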
How to Add Direct Broker capabilities to Any Mobile App on Appdome
Follow these step-by-step instructions to add Direct Broker capabilities to Any Mobile App:
Upload a Mobile App to Your Account
From the “Fuse” tab, Add Direct Broker
Select the Fuse Tab. Note: a blue underline will appear showing the step is active
Beneath the Fuse Tab, you will find several service options. Select Identity. Note: a blue highlight will appear showing the category is active.
- Configure your desired SSO provider as described in Appdome for Single Sign-on
- Open the Scheme drop-down list named Appdome SSO+ Suite
- In the Appdome SSO+ Suite, enable Direct Broker
- Specify one or more approved Identity Broker domains
- When finished, click Fuse My App.
The technology behind Fuse My App has two major elements – (1) a micro service architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add SSO and Direct Broker capabilities to the mobile app in seconds. For example, it adds the Open-ID Connect and Webview authentication technology, work that a developer would ordinarily need to do.
Congratulations! You now have a mobile app fully integrated with Direct Broker capabilities.
After Adding Direct Broker to a Mobile App on Appdome
After you have added Direct Broker to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Fused App
Appdome is a full featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the Direct Broker enabled Appdome-Fused App (Required)
In order to deploy an Appdome-Fused app, it must be signed. Signing iOS apps and Signing Android apps are easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.
Deploy the Appdome-Fused App to a Mobile Device
Once you have signed your Appdome-Fused app, you can download it and deploy it using your distribution method of choice. For more information on deploying your Appdome-Fused apps, please read this knowledge base.
That is it – Enjoy Appdome’s Direct Broker capabilities in your app!
How Do I Learn More?
If you have any questions, please send them our way at email@example.com or via the chat window on the Appdome platform.
To zoom out on this topic, visit Appdome for Mobile Identity on our website.