IdPMobile
Versión 1 (Emilio Penna, Lunes, 5 de Febrero de 2018 17:53:39 -0300)
1 | 1 | h1. IdPMobile |
|
---|---|---|---|
2 | 1 | ||
3 | 1 | ||
4 | 1 | h3. Referencias: |
|
5 | 1 | ||
6 | 1 | * http://shibboleth.1660669.n2.nabble.com/Android-Application-Question-td7630558.html (ver fragmentos en adjunto) |
|
7 | 1 | * https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/ |
|
8 | 1 | * https://www.pingidentity.com/developer/en/resources/napps-native-app-sso.html |
|
9 | 1 | ||
10 | 1 | h3. Linking a una aplicación movil: |
|
11 | 1 | ||
12 | 1 | * https://xamarinhelp.com/launching-mobile-app-via-uri-scheme/ |
|
13 | 1 | * https://xamarinhelp.com/uri-scheme/ |
|
14 | 1 | * https://developers.tune.com/sdk/deep-linking-to-your-mobile-app-from-your-website/ |
|
15 | 1 | ||
16 | 1 | Ejemplos de uris que linkean a una aplicacion movil: |
|
17 | 1 | ||
18 | 1 | * twitter://timeline |
|
19 | 1 | * mobiledeeplinkingprojectdemo://product/123 |
|
20 | 1 | ||
21 | 1 | h3. Diagrama con posible interacción: |
|
22 | 1 | ||
23 | 1 | ||
24 | 1 | !mobile-idp1.png! |
|
25 | 1 | ||
26 | 1 | ||
27 | 1 | *IDEA DE FLUJO:* |
|
28 | 1 | ||
29 | 1 | # app request protected (sp) page (open system browser) |
|
30 | 1 | # authn request to idp |
|
31 | 1 | # login page |
|
32 | 1 | # redirecct to protected page |
|
33 | 1 | # redirect to mobile app con token de aplicacion |
|
34 | 1 | ||
35 | 1 | ||
36 | 1 | *Login handler* |
|
37 | 1 | ||
38 | 1 | # recibe pedido GET en /login, con variables de entorno ya cargadas por SP shib |
|
39 | 1 | # genera parametros, encripta/hmac en <token>. Ejemplo encode(ci+hmac) |
|
40 | 1 | # redirige a app mobil, a myapp://init/<token> |
|
41 | 1 | ||
42 | 1 | Luego, app mobil recibe parametros, verifica y genera sesion. |
|
43 | 1 | (Si solo usa documento, podria no ser necesario get user info) |
|
44 | 1 | ||
45 | 1 | Ideas para proteger el request: |
|
46 | 1 | https://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html |
|
47 | 1 | ||
48 | 1 | <pre> |
|
49 | 1 | h = hmac.new("OtxrzxIsfpFjA7SwPzILwy8Bw21TLhquhboDYROV", |
|
50 | 1 | "GET\n\n\n1141889120\n/quotes/nelson", |
|
51 | 1 | sha) |
|
52 | 1 | urllib.quote_plus(base64.encodestring(h.digest()).strip()) |
|
53 | 1 | Note that we also url-encoded the result this time. This is because the output from the base64 algorithm is not suitable for use as a query string parameter, so we add an additional layer of armor to make it acceptable. |
|
54 | 1 | </pre> |