Chat now with support
Chat with Support

Cloud Access Manager 8.1.2 - How To Configure Single Sign-On for Native Android Apps

Dell™ One Identity Cloud Access Manager 8.1.2 - How to Configure Single Sign-On for Native Android Applications

This guide describes how to deploy Single Sign-On (SSO) for native Android™ applications using the OpenID® Connect http://openid.net/connect/ protocol, and includes the following information:

Overview

Using the OpenID® Connect protocol, the Android™ application authenticates the user against Dell™ One Identity Cloud Access Manager and retrieves a set of three security tokens, as shown in Figure 1. The security tokens are known as the ID Token, Refresh Token and Access Token.

The ID Token contains a collection of identity claims about the user that can be used by the Android™ application to identify the user.

The Access Token allows the Android™ application to securely access OAuth2 protected Web APIs on behalf of the user. When the Access Token expires, the Refresh Token is used by the Android™ application to obtain a new Access Token, without the need for the user to re-authenticate as shown in Figure 2.

The Web API validates the Access Token by using it to obtain a set of claims about the user from Cloud Access Manager. The claims are then used by the Web API to identify the user and control the user’s access.

Application walkthrough

This sample application consists of two components:

The sample Android™ application contains a package called openidconnect which can be used in a standard Android™ project to authenticate users, using the OpenID® Connect Code Flow.

The sample Web API contains a .NET Open Web Interface (OWIN) middleware called CAMBearerTokenAuthentication which can be used in a standard .NET Web API project to authenticate the Android™ application, using the Access Tokens obtained from Dell™ One Identity Cloud Access Manager.

The standard Authorize attribute can be used on the Web APIs to restrict access. The Authorize attribute supports restrictions based on role and user claims which, by default, map to the claim names role and preferred_username.
To utilize other claims, a custom AuthorizeAttribute can be created. For example:

Cloud Access Manager configuration

Perform the following configuration steps within Dell™ One Identity Cloud Access Manager to enable single sign-on to native Android™ applications.

1
Make sure that the settings on the OpenID Connect / OAuth 2.0 Settings page are as shown below:
2
Make sure that the settings on the Token Settings page are as shown below:
3
Make sure that the settings on the Claim Mapping page are as shown below:
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating