Solved: SMP3 - iOs - Authentication SAML & Logout

Former Member · ‎08-06-2015

Hi all,

I am developing a native iOS application with SAML authentication with MAFLogon.

- I managed to establish the connection and the registration on server but I note that the SAML authentication page appears the first time on the first launch, but once I am me authenticated, the SAML authentication page no longer appears at startup, but only when called the first web-service.

Do you know why ? And how to choose the moment when to display the page?

- On the other hand, when the first connection, this page appears:

Do you know how not to display it?

- Finally, I didn't find any explanation on how to perform a clean logout at a SAML authentication. Do you know how to perform?

Best Regards,

Julien.

marvin_hoffmann · ‎08-11-2015

--Do you know why ? And how to choose the moment when to display the page?

The IDP Session and the SMP session are not the same. So if you configured an app on SMP with SAML auth provider and this app receives a request, SMP will check if there is a SMP session available. If not SMP will forward the client to your IDP for authentication. If the IDP still has a valid session IDP can directly issue a SAML assertion ticket (even without displaying the authentication screen again). Once SMP received and validated the assertion ticket it creates a SMP session. SMP session timeout is set by default to 20 minutes. (can be changed in tomcat settings). That means that after 20 minutes of inactivty the user would need to authenticate again.

In your case you could perform a dummy-login-request maybe to the base url of your smp app, simply to force the idp login page to appear directly after your app started...

--Do you know how not to display it?

The App passcode page is based on the Passcode Policy you setup inside the SMP app settings in Management Cockpit. If you want to customize the UI of this page you can do it, because the LogonManager offers customizing possibilites (you would have to check if you could completely dismiss this page...)

-- Finally, I didn't find any explanation on how to perform a clean logout at a SAML authentication. Do you know how to perform?

This is a good point. I adressed this long time already as a feature request towards SMP Product Management, unfortunately it seems that it still nit get picked up. There is no logout url on SMP available, so no server-side logout possibility. I really do not want to use the workaround as suggested by Midhun to delete the registration on SMP. One main idea of the registration (appcid) is to have a consistent possibility to track and monitor a connection (also over a longer period of time).

So for a logout simulation you could try to delete all local cookies and objects, so that no session information are available anylonger, that should simulate a logout. But in case of SAML logout this would be even more difficult, because usually a SMP logout should also trigger a logout of IDP session.

Regards

Marvin

midhun_vp · ‎08-06-2015

Hi Julien,

I haven't tried iOS, in android for logout we need to delete the user as mentioned in this document: http://help.sap.com/saphelp_smp308sdk/helpdata/en/7c/09250170061014bb05d2c9cd16418c/frameset.htm

This will delete the user from SMP admin cockpit.

I hope that same api would be available for iOS too.

Could you explain your requirement in detail.

Regards, Midhun

SAP Technology RIG

SMP3 - iOs - Authentication SAML & Logout

Accepted Solutions (1)

Accepted Solutions (1)

Answers (1)

Answers (1)

Re: MDK - setFocus AlwaysHide not working on Andro...

Re: How to make a REST "PUT" call to a dynamic url...

Re: Abap2xlsx: print internal table without header

Re: CF Deployment Error: Error getting tenant t0

Abap2xlsx: print internal table without header