MobileFirst: Logon to one device that will logout other devices/web - session

I have to implement a scenario in which, if a user logs in to a 2nd device or mobile web, the first device/web should be logged out.
Both the app and mobile web are running on the same MobileFirst server, use the same adapters and have almost the same functionality.
I am not sure if this type of provision is provided in MFP.
I am open to suggestions or guidance.

MFP doesn't support that. I know some applications have a similar feature;
I believe it's up to user code.
Would you check this information?
https://www-01.ibm.com/support/knowledgecenter/SSHSCD_7.0.0/com.ibm.worklight.dev.doc/dev/c_oauth_security_model.html
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a0080153e60.html
How to logout previous session of a user,if he logins again on same or different browser
http://webcache.googleusercontent.com/search?q=cache:jbA-CDEbHowJ:stackoverflow.com/questions/1416732/how-to-logout-previous-session-of-a-user-if-he-logins-again-on-same-or-different+&cd=1&hl=en&ct=clnk&gl=us

Parse authorization in mvc5 - login issues

I'm writing an app that's supposed to run with MVC5 and use Parse as a backend.
I'm using the new Identity feature of MVC5 to log in a user. I also tried to use this solution but I couldn't make it work.
What is happening is that when I log in with user A and then log in with user B in a different session (an incognito window or a new browser), whenever I try to insert something related to a ParseUser object using the first user that was logged in, I get an exception: UserCannotBeAlteredWithoutSessionError.
I'm not sure if I'm doing the implementation in a wrong way, or if it is a limitation of the Parse (I think it was designed to run using one user per device).
If you have a workaround for this situation please help me.
There is a good answer which may help: Parse Database Authorization - Security For User Objects.
So, it's a kind of Parse SDK limitation, where you can work with only one user per device (as ParseUser is cached locally). The only workaround that I can see is to perform SignOut/Login explicitly when you need to do something from another user's context. There is no way to have two users work simultaneously from the same device.

SSO on Maintaining session in 2 different servers

Sorry if this is a bit long. We got a requirement to integrate our application with a client's main portal site. The portal is maintained with SAML 2.0 SSO features and, as such, we'll need to integrate our login using SAML 2.0 as well.
The integration is done via an iframe, i.e. on the main portal, an iframe with the URL pointing to our application. When the user is logged in and clicks on a menu link, he/she will be presented with the iframe page, with our session checking with their IDP to make sure they are valid users. If so, then our application will continue to load as per usual.
The issue is that we'll need to maintain our session on our servers, while they shall maintain the session on their app server. If the user stays on our site for a while, the session on the client's main portal will time out. And when the user clicks on the main portal link, they will be required to log in again.
It is suggested that when the user tries to navigate to the main portal pages, it will call a service (for now assuming it's an IDP) on our end to check whether the user session is valid or not. If it is, then we need to return a SAML response to them to validate the user.
We're exploring setting up an IDP service at our end to facilitate this, but it seems to be overkill to me. Is there a way for an IDP to only provide a check on a user's session? Or is there a better option for us to achieve this?
Things that could not be changed:
1. SSO language: SAML 2.0
2. Server: Weblogic 10+
3. HTTPS a must.
Appreciate any suggestion or feedback.
Thanks.
Based on the provided information, I assume your application runs on WebLogic 10+. If the remote server too uses WebLogic you might be able to just implement the SAML authentication between the WebLogic federation. This will simplify everything and you don't need to do complicated application customization.
If the remote site does implement SAML and not on WebLogic, you still should be able to implement SAML authentication through the WebLogic configuration. This is straightforward and can be done without much hassle.
However, please be reminded that WebLogic 10+ does not support SAML SSO logout. Therefore, this needs to be handled separately.

how to invalidate another session in worklight

The customer wants to restrict duplicate logins for the app: once the user logs in from another phone, the session of the previous phone should be invalidated.
But I can't find an API in Worklight to do this. Besides using push, any other suggestions? Thank you very much.
Worklight indeed does not provide any API for this type of scenario.
Here is what I am thinking as an example of what can be done:
Device #1 is an Asus, device #2 is an LG
As the user logs in, you will store the device information in the Worklight database (using WL.Client.setUserPref)
When the user tries to log in again from another device, you could pull the existing pref (using WL.Client.getUserPref) and compare the device types
If they are not the same, log out the current userId and log in again
(Consult the user documentation for additional API methods around userpref)
This could be a way to ensure the user is logged only from one device.
You could also use the userId associated with the deviceId and update upon every login if (currentDeviceId != latestDeviceId) logout(); and so on...
Here I have posted an implementation mechanism that came to my mind.
It's still a suggestion.
Whenever a user tries to log in, an entry can be made in the backend [DB/Webservice] which tells about the user/device information.
If the user info already exists, you can show the user a dialog box: "The account has been logged in already; if you continue to log in, the previous session will be logged out." If the user continues, trigger a push notification to the previously logged-in user's device.
Now a notification will reach the previously logged-in device. Here you can implement the logic to execute WL.Client.logout(realm, options).
It would be great if someone posts a better answer than mine.
And also let me know if my suggestion was helpful or not.
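The approach suggested in the answers above (record the latest device per user, compare on login, log the older one out) can be enforced on the server so that it does not depend on the push notification arriving. This is an added example, not code from the original posts or from Worklight/MobileFirst; `SessionRegistry` and its methods are hypothetical names, and the session object is assumed to live in server-side session state or a signed token, never as a bare client-supplied value.

```javascript
// Added example: server-side "one active session per user" registry.
// All names here are hypothetical; device ids below are constructed samples.
class SessionRegistry {
  constructor() {
    this.latest = new Map(); // userId -> { deviceId, generation }
  }

  // Newest login wins. Returns the new session plus the device that was
  // displaced (or null), so the caller can notify it (e.g. by push).
  login(userId, deviceId) {
    const prev = this.latest.get(userId);
    const generation = prev ? prev.generation + 1 : 1;
    this.latest.set(userId, { deviceId, generation });
    const displaced =
      prev && prev.deviceId !== null && prev.deviceId !== deviceId
        ? prev.deviceId
        : null;
    return { session: { userId, deviceId, generation }, displaced };
  }

  // Run on every protected request: an older session fails here even if
  // its device never received the logout notification.
  check(session) {
    const cur = this.latest.get(session.userId);
    return Boolean(cur) && cur.deviceId !== null &&
      cur.deviceId === session.deviceId &&
      cur.generation === session.generation;
  }

  // Only the current session may log out; the generation counter is kept
  // so a stale session can never match a later login.
  logout(session) {
    if (!this.check(session)) return false;
    this.latest.set(session.userId, { deviceId: null, generation: session.generation });
    return true;
  }
}

// Constructed walk-through: device #1 logs in, then device #2.
function demo() {
  const reg = new SessionRegistry();
  const first = reg.login("alice", "device-asus");
  const second = reg.login("alice", "device-lg");
  return {
    displaced: second.displaced,
    firstValid: reg.check(first.session),
    secondValid: reg.check(second.session),
    staleLogoutAccepted: reg.logout(first.session),
  };
}
```

The push to the displaced device is only a prompt to clear local state; the `check` call on each request is what actually ends the older session.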

Single Sign On on Multiple Apps Windows Phone

We are developing multiple apps for our client which can all be used with the same credentials (credentials of their company portal).
So we want to implement something like single sign-on, such that the user need not log in to each app.
I have already gone through these links
http://msdn.microsoft.com/en-us/library/live/hh826544.aspx
http://stackoverflow.com/questions/5598411/single-sign-on-choices-to-use-with-windows-phone-7
Here is what I need exactly:
Step 1.) When the user logs in to one app (say App1), the portal will return a token. I need to store this token somewhere, such that only authorized apps can access it.
Step 2.) When any other app (of the same group) launches, it will check the location for the token and, if the token exists, it will not demand credentials.
Step 3.) When the user logs out from any app, it will remove the token from the shared location.
We have already implemented this in iOS using keychain (possibly the wrong term as I am not an iOS developer). This keychain provides a common space for the apps signed with the same certificate.
As per my knowledge, up to Windows Phone 7.5 there is no possibility. Does Windows Phone 8 have something for this?
If not, I am open to any kind of suggestions to serve the purpose.
P.S.: Security is our major concern, so when you suggest, please let us know if you think there could be any security concerns through hacking or phone loss.
Thanks a lot..
I hope to be corrected but this won't work. Apps are isolated and can't share things like data packets and such.
I am not a Windows app guy,
but a trick can work.
Caution:
the following can raise security concerns if the API token expiration time limit is not properly considered.
Use firesharp / any XMPP service (suitable for a Windows client) to send API tokens to other devices like a notification message.
Handle the notification in such a way that the token is not displayed.
And also remember, there is no such thing as log out in API authorization.
You will have to restrict access with a token expiration time limit.

How to cache user credentials for asp.net mvc3 mobile application

I have developed a mobile application using asp.net mvc3, html5, jquerymobile. I am authenticating the user using ADFS authentication. Using an iPad or iPhone, once the user is authenticated he is able to perform a download functionality in order to download an application. Now once the download functionality is completed, when the user again tries to navigate back to the application he is prompted with the login window once again.
I need to stop the user from entering the login credentials once again. So I thought caching the user credentials would be a good idea.
Can anyone help me to know how we can cache the user credential details in this case in order to prevent the user from entering the login credentials once again?
Thanks & Regards,
Santosh Kumar Patro
You could use persistent cookies. When authenticating simply pass true as second argument to the FormsAuthentication.SetAuthCookie method. This will emit a cookie that will be stored on the client for the given timeout period that you specify in the <forms> of your web.config.
