cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fiori iOS tutorials - SAML and OUATH - how to force logon dialog again?

Go to solution
Former Member

on ‎04-05-2017 1:59 AM

0 Kudos

I've run through all the new Fiori iOS tutorials and specifically the security ones to showcase logon via basic, auth, saml and oauth.

What I am wondering is - once you logon with saml and tick the "remember me" checkbox. How do you ever get to show the logon popup again. For example if you wanted to change the password.

Or how does an administrator force it to NOT remember so the user must logon again. I cannot find anywhere in SAP Cloud mobile services where you can do this. Maybe it is a feature of the SAP Identity Provider which is used by default here?!?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

aschlosser
Employee
Employee
‎04-06-2017 6:23 AM
0 Kudos

Got it; SAP ID service has self-service for users who forgot their password or want to change it: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/d4c3811a58c44982bce09e9fdcb.... I presume there's also admin/operator functionality to enforce a password reset, maybe here: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/045cb01bd2034b05a69e1a626e4..., but I couldn't validate this right now.

There is nothing in the SDK / mobile services for that, but we rely either on SAP ID service or a custom IdP to provide this functionality.

Andreas

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎04-06-2017 2:46 AM
0 Kudos

Thanks Andreas... I guess I was more thinking from the perspective of: what if the user loses their device... They call up IT Support and let them know - how does IT support block access. In this example of using the SAP Identity Provider - is there somewhere we you can block the login?

Show replies
Show replies
aschlosser
Employee
Employee
‎04-05-2017 5:55 AM
0 Kudos

Jason,

You're right here; the SAML authentication is happening in a WebView and what happens inside is effectively outside of the control of the SDK. Even though I have to say that when you actually checked that 'remember me' box, you get what you've asked for. And hoping for the logon screen to show up so you can change your password is maybe not the right expectation either?

You can configure SAP CP to use a custom IdP - you'll experience the same here. Whatever that custom IdP might offer, the logic is something the SDK cannot control by design of how SAML flows work.

The interaction point of the SDK is the fact that we need to realize when the authentication flow is over (by configuration the respective 'done' URL in the SAMLAuthenticationParameters) and then we can extract a valid session cookie from the web view, but that is about it.

Thanks
Andreas

Show replies
Show replies
Ask a Question