Does anyone know if Cognito supports Okta native SSO?
I am trying to integrate with an AWS Cognito flow using Okta as an external idP.
You can find more on the design on Okta SSO.
--
I am working on a solution that authenticates an embedded view in a mobile app without needing to show any prompt to the user if they are already logged in. A web-SSO flow will trigger an "iOS prompt" every time the embedded view is being accessed. This embedded view is from a third party that uses Cognito while the mobile app uses Okta.
Here's more info on the prompt - https://developer.okta.com/blog/2022/01/13/mobile-sso
Cognito works with Okta based on browser communication, regardless of what you choose: SAML or OIDC integration between Cognito and Okta.
So if you envision that you'll get this flow invoked through a browser, I don't see any difference between native or web-SSO.
But if you hope to use a token obtained from Okta through native SSO to sign into Cognito, I'd lean towards saying "no".
Maybe someone with real experience corrects me though.
Related
Fairly new to SAML, so I was hoping someone can help me with this question. Within our mobile application, we use our clients' SAML integration via the IdP-initiated flow. This all works like a charm: logging in, refreshing the token, etc.
Is it possible to open a website (not another mobile app) in our mobile app and pass on the SAML authentication so a user doesn't have to sign in again?
I have enabled AWS SSO and created one SAML application in it. When we log in using AWS SSO we can see the SAML application, but I can't change the logo of the application. Is there any way to change the icon/logo of a SAML application?
Any suggestion would be helpful for me.
I’ve got a set of APIs written in ASP.NET. These are to be accessed by a web app and native mobile app, and should be protected by the SSO.
I would like to be able to have SSO, where the user can log in online and access the web app, and can also log in on the native app (via the browser), and it'll remember their login details (i.e. with an authorization_token).
I’ve been looking into IdentityServer4 but I’m a bit stuck on which authorization flows I would need for this.
Any help is appreciated, as it’s starting to hurt my brain! Do let me know if I need to explain it better.
For flows, today there are only two you should consider.
Authorization code flow: this flow is for clients where you want a user to log in/sign up, like a mobile app or web application. Meaning, you have a user and a browser involved here.
Client credentials flow: this is all about machine-to-machine communication, where you have no user involved.
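To make the split above concrete for the web app, native app and API in the question, here is an added IdentityServer4 client configuration (example code, not from the answer or the IdentityServer project); client ids, secrets, redirect URIs and the "api" scope are assumed placeholders that would have to match your own resource definitions:

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

// Hypothetical IdentityServer4 client definitions, one per client type:
// a browser web app, a native mobile app, and a machine-to-machine caller.
public static class Clients
{
    public static IEnumerable<Client> Get() => new List<Client>
    {
        // Web app: authorization code flow with PKCE. It runs on a server,
        // so it is a confidential client and keeps a secret.
        new Client
        {
            ClientId = "web-app",                                        // assumed
            ClientSecrets = { new Secret("<web-app-secret>".Sha256()) }, // placeholder
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,
            RedirectUris = { "https://web.example.test/signin-oidc" },   // assumed
            AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId,
                              IdentityServerConstants.StandardScopes.Profile, "api" },
            AllowOfflineAccess = true   // refresh tokens keep the user signed in
        },
        // Native mobile app: same flow through the system browser, but a public
        // client. No secret can be protected on the device, so PKCE binds the
        // authorization code to the app instance instead of a shared secret.
        new Client
        {
            ClientId = "mobile-app",                                     // assumed
            RequireClientSecret = false,
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,
            RedirectUris = { "com.example.app://callback" },             // assumed
            AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId,
                              IdentityServerConstants.StandardScopes.Profile, "api" },
            AllowOfflineAccess = true,
            RefreshTokenUsage = TokenUsage.OneTimeOnly  // rotate refresh tokens on devices
        },
        // Machine-to-machine caller: client credentials, no user, no browser.
        new Client
        {
            ClientId = "batch-job",                                      // assumed
            ClientSecrets = { new Secret("<batch-job-secret>".Sha256()) }, // placeholder
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            AllowedScopes = { "api" }
        }
    };
}
```

The mobile client deliberately has no secret: a secret shipped inside an app binary can be extracted, so PKCE plus one-time refresh tokens is what limits the damage if a code or token leaks.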
I want to use the Yammer API in my app. For that I created a Yammer app from https://www.yammer.com/client_applications and then called the link
https://www.yammer.com/dialog/oauth?client_id=[:client_id]&redirect_uri=[:redirect_uri]&response_type=token
as described in the Yammer documentation.
The problem is when I enter the mail address I am redirected to the SSO platform of the enterprise.
Is there a possibility to disable SSO only for this app?
Or is there any way to avoid redirection to the SSO platform?
Thanks in advance.
No, it is not possible to disable SSO at the app level. All user authentication requests must go through the SSO flow if SSO is enabled for the Yammer network.
When I develop an app project on iPhone, it needs to authenticate.
My basic requirement is to have a custom login screen. But the service providers currently provide the OAuth protocol only, not the XAuth protocol. Does this mean that if I use the OAuth protocol, what I need (a custom login screen) cannot be achieved, and I must load the service provider's interface in a UIWebView to enter the user name and password?
Best Regards!
For OAuth v1, yes that is the only option.
For OAuth v2 there are more "flows" which can be used. See this article for an intro to OAuth v2.
So it all depends on who you are connecting to as to what version of OAuth they support. You may like to contact whoever you are connecting to to see if they provide other options. I know people that are working with a vendor so that the vendor is supporting some of the OAuth v2 extensions for them to make it nicer for their mobile applications, as the "web" view looks shit on mobile devices.
On the other side, once you have the token it's yours until revoked. This means you can save it and use it from then onwards. This means you may only have to display the login when the token fails.