How to disable SSO only for a specific application in yammer? - single-sign-on

I want to use yammer api in my app. For that I created yammer app from https://www.yammer.com/client_applications and then called link
https://www.yammer.com/dialog/oauth?client_id=[:client_id]&redirect_uri=[:redirect_uri]&response_type=token
as described in yammer documentation.
The problem is when i enter the mail address i am redirected to SSO platform of the enterprise.
Is there a possibility to disable SSO only for this app ?
Or is there any way to avoid redirection to SSO platform ?
Thanks in advance.

No, it is not possible to disable SSO at the app level. All user authentication request must go through the SSO flow if SSO is enabled for the yammer network.

Related

SAML link from native mobile app to website

Fairly new to SAML - so I was hoping someone can help me with this question.. Within our mobile application, we use our clients' SAML integration via the IDP-initiated flow. This all works as a charm, logging in, refreshing the token, etc.
Is it possible to open a website (not another mobile app) in our mobile app and pass on the SAML authentication so a user doesn't have to sign in again?

Native SSO on AWS Cognito using Okta IdP

Does anyone know if Cognito supports Okta native SSO?
I am trying to integrate with an AWS Cognito flow using Okta as an external idP.
You can find more on the design on Okta SSO.
--
I am working on a solution that authenticates an embedded view in a mobile app without needing to show any prompt to the user if they are already logged in. A web-SSO flow will trigger an "iOS prompt" every time the embedded view is being accessed. This embedded view is from a third party that uses Cognito while the mobile app uses Okta.
Here's more info on the prompt -https://developer.okta.com/blog/2022/01/13/mobile-sso
Cognito works with Okta based on browser communication, regardless what you choose: SAML or OIDC integration between Cognito and Okta.
So if you envision that you'll get this flow invoked through a browser, I don't see any difference between native or web-SSO.
But if you hope to use a token obtained from Okta through native-SSO to sign-into Cognito, I'd lean towards saying "no".
Maybe someone with real experience corrects me though.

OneLogin Portal iOS App Not Sending Domain Redirect URI

I have set up a Custom Connection in OneLogin using OpenId Connect. In OneLogin for my App settings in the SSO tab the Application Type is set to Web and Authentication Method is set to POST.
When using the OneLogin on the web my connection works as designed. The server is receiving the users OneLogin Domain Redirect Uri as the header
Referral: {Domain Redirect URI}
in the first GET request to start the SSO process.
When using OneLogins mobile application OneLogin Portal, the server does not receive the header Domain Redirect URI and then cannot request the information necessary for that users request. Does anyone know if there is a setting that needs to be changed to allow users to connect via the OneLogin Portal application? It does not make any sense to me why these two devices would handle the OIDC SSO flow differently.
Without going into the details of your configuration. There is a difference in how a device does and OIDC flow and how a mobile device does OIDC flow and how a browser does an OIDC flow.
RFC 7595 section 6
RFC 8252 section 7
If the redirects are all valid, then it might be a software issue.
Have you tried this device flow on an android device?

Authentication in a mobile app

We are developing a hybrid mobile app (code is written in HTML and runs on browser shell as a native app on the device). We need to authenticate the user against an external security manager. I've seen the Gmail App in iPhone which opens a browser to authenticate the user. We are also looking to do something of that sort. We just need to gather your thoughts on how authentication can be done with some external security manager in a mobile app.
Also I noticed that Dailymotion website was able to know if the user is authenticated with Facebook. This looks like a cross domain authentication.
Can you please share your thoughts on how Google and others have implemented it?
What you are looking for is OAuth and OpenID services to federate your login. Depending on the architecture of your system you can implement whichever one you like or even a hybrid of both.
Take a look at this link: Federated Login for Google Accounts
It provides all the useful information you need.
Hmm this question seems old but in case you haven't found an answer here's how I did it with my hybrid apps :
open url on client side with the provider's (facebook/twitter/instagram) url for login
the user logs in and is redirected to the server's callback url (my server is written in nodejs)
once I've got the access token from the provider. I save this token and then create a token for the client to reuse every time the user wants to access a protected ressource.
Download the apk and test it.
If this is what you're looking for you can checkout both the client side code at : https://github.com/malikov/Authenticate.me-client-cordova-ionic
And the server side code at : https://github.com/malikov/Authenticate.me-Node-Server
Cheers

Can you use openID as a single sign-on for an iphone app?

I'm looking to implement Single Sign On for a native iOS app whereby logging in with this single sign on gives the mobile device authenticated access to our private service in a fashion that is somewhat similar to oauth.
The marketing text on openid.net suggests that "OpenID is a safe, faster, and easier way to log in to web sites.". Emphasis on web sites.
So the question is: Is it reasonable to implement openID on a native mobile app, or is openID only for web sites.
I've been scouring the web and I'm not finding a way to fit openID in as my login option.
The best way to do this seems to be to use a UIWebView and render a log in page from your site in it. Once the user logs in, they'll be redirected back to your site and have an auth cookie, which you can extract, store, and send on subsequent HTTP requests to the server.
See this, which has a sample code link at the bottom.
OpenID sends its messages as a series of HTTP requests and responses. Your app and the openid provider must communicate to each other via HTTP post, and you will need to redirect the user to corresponding URLs, and have a URL for the user to be redirected back to. As such, you will probably find it difficult to integrate with your app.
Derek Knight claims to have been experimenting with iOS and OpenID using the Janrain Engage iOS SDK. Although the github link he references no longer exists and he doesnt provide a complete and verified solution, he does offer an idea for how it might work.
OpenID and iOS development - gordonknight.co.uk
Janrain Engage for your iPad Apps
The accepted answer diminish the OpenID protocol. OpenID is a federated authentication protocol aiming simple SSO experience, its a web based protocol but it can be implemented if you design an authentication broker.
APPs share nothing, apps should never access anything but identity token and access token (if allow). here is a link to get you starter in the right path to build seems-less SSO in the mobile between apps regardless the app isolation level.
https://www.pingidentity.com/developer/en/resources/napps-native-app-sso.html
Libraries:
https://github.com/openid/AppAuth-iOS
https://github.com/openid/AppAuth-Android