How does an iOS App receive a SAML auth response?

Question

I'm working with a client who would like to authenticate with Active Directory Federated Services using SAML. As it was explained to me, the client ADFS server is the SAML identity provider and I simply need to provide a webview in the app for them to load a login page. Upon successful authentication the response should give authenticated metadata?

I've tried researching SAML and iOS and have only been able to find third party software which offers solutions, but no explanation of how this may be done without any third party integration into the app.

Resources I've looked into:

• https://www.mutuallyhuman.com/blog/2013/05/09/choosing-an-sso-strategy-saml-vs-oauth2/
• http://leandrob.com/2012/02/request-a-token-from-adfs-using-ws-trust-from-ios-objective-c-iphone-ipad-android-java-node-js-or-any-platform-or-language/
• http://blog.centrify.com/ideal-solution-for-sso-across-native-mobile-applications/
• https://msdn.microsoft.com/en-us/library/bb897402.aspx

Since I don't know anything about the content of this login page, how do I determine if the response has authenticated correctly? Additionally how do I extract and pull relevant information from this response into the app to store for future authenticated web service requests?

Answer 1

If the customer has ADFS 2012R2, it supports OAuth for public clients. Use the ADAL (Active Directory Authentication library) that supports ADFS. In this case, it will pop up a browser dialog window to do the authentication and then get a an authorization code. This code is then converted to an access token (JWT) which can then be used against a WebAPI.