Authenticate Android with ADFS
miniOrange provides a ready-to-use solution for Android applications. Log in to your Android application with ADFS or any other social or enterprise credential store.

Android with ADFS using miniOrange


Follow the Step-by-Step Guide given below to integrate your Android app with ADFS.

Step 1: Create ADFS as Identity Source in miniOrange

Step 2: Configure miniOrange as relying party in ADFS

Step 3: Creating an external app in miniOrange

Step 4: Integrate in your Android App

Creating the Authentication Request token

Pre-requisites:
Customer Key – for creating the final Endpoint URL
App Secret – for creating the token
Customer Token Key – for encrypting the generated token

Creating the Request token:
The request token must be in the following format: {Current_Timestamp_In_Milliseconds}:{App_Secret}
For example: 1454392823570:abcdefghijklmnop
NOTE: Each Token is valid for 60 seconds.

When the token is created, you will need to encrypt the token value using the Customer Token Key. Use the following method to encrypt the token:
Encryption method: AES
Operation Mode: ECB
Padding Scheme: PKCS5 Padding

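Example Java code for encrypting the token:
import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64; // Apache Commons Codec

public static String encrypt(String text) throws Exception {
	if (text == null || text.length() == 0)
		throw new Exception("Empty string");

	// Mode and padding are the ones listed above. ECB is deterministic and
	// unauthenticated; the 60-second token lifetime is what bounds replay.
	Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
	// "Customer_Token_Key" is a placeholder for your Customer Token Key.
	// An AES key must be 16, 24 or 32 bytes long.
	SecretKeySpec keyspec =
		new SecretKeySpec("Customer_Token_Key".getBytes(StandardCharsets.UTF_8), "AES");

	byte[] encrypted;
	try {
		cipher.init(Cipher.ENCRYPT_MODE, keyspec);
		// Fixed charset so the ciphertext does not depend on the platform default.
		encrypted = cipher.doFinal(text.getBytes(StandardCharsets.UTF_8));
	} catch (Exception e) {
		throw new Exception("[encrypt] " + e.getMessage(), e);
	}
	// Base64-encode the ciphertext; it is URL-encoded in the next step.
	return Base64.encodeBase64String(encrypted);
}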
If the Customer Token Key used to encrypt the above token is: klmnopqrstuvwxyz
The encrypted value for the above-mentioned token should be: PJm8sn7Q1BYjdu7nXLAoATJOwuCecSxFeEz2MJzQShc=

Once the encrypted token is created, URL encode the encrypted token and append it to the miniOrange endpoint and redirect the user. Here is the final URL where you should redirect the user:
https://auth.miniorange.com/moas/broker/login/jwt/{YOUR_CUSTOMER_KEY}?token=PJm8sn7Q1BYjdu7nXLAoATJOwuCecSxFeEz2MJzQShc%3D
Replace {YOUR_CUSTOMER_KEY} with the Customer Key you have.

Receiving and Verifying the JWT token
The JWT token can be found in the query string parameter id_token.
For example, in Java you can get the JWT token like this:
String jwtToken = request.getParameter("id_token");

To verify the JWT token, you will need the certificate you downloaded from miniOrange. You can use the open source libraries listed on http://jwt.io/. For Java, you can use the jose4j library: https://bitbucket.org/b_c/jose4j/wiki/Home
You can follow this example of jose4j to verify the JWT token received: https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples
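
The verification step described above, as an added example (not miniOrange's or jose4j's own sample code): it loads the public key from the downloaded certificate and validates the id_token with jose4j. The class name IdTokenVerifier, the certPath and expectedAudience parameters, the RS256 signing algorithm and the presence of "exp" and "aud" claims in the token are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;

// Added example: hypothetical helper class, not part of the miniOrange guide.
public class IdTokenVerifier {
    private final JwtConsumer consumer;

    // certPath: X.509 certificate downloaded from miniOrange (PEM or DER).
    // expectedAudience: assumed value of the token's "aud" claim for your app.
    public IdTokenVerifier(String certPath, String expectedAudience) throws Exception {
        PublicKey key;
        try (InputStream in = new FileInputStream(certPath)) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            key = cert.getPublicKey();
        }
        consumer = new JwtConsumerBuilder()
                .setVerificationKey(key)
                // Assumption: tokens are signed with RS256. Pinning the algorithm keeps
                // the token's own "alg" header from choosing how it is verified.
                // (Older jose4j releases name this constant WHITELIST.)
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        ConstraintType.PERMIT, AlgorithmIdentifiers.RSA_USING_SHA256))
                .setRequireExpirationTime()          // reject tokens without "exp"
                .setAllowedClockSkewInSeconds(30)
                .setExpectedAudience(expectedAudience)
                .build();
    }

    // Returns the verified claims; throws InvalidJwtException on any failure
    // (bad signature, wrong algorithm, expired token, unexpected audience).
    public JwtClaims verify(String jwtToken) throws InvalidJwtException {
        if (jwtToken == null || jwtToken.isEmpty()) {
            throw new IllegalArgumentException("id_token parameter is missing");
        }
        return consumer.processToClaims(jwtToken);
    }
}
```

Pass the value read from the id_token parameter to verify(), and treat an InvalidJwtException as a failed login rather than falling back to the unverified claims.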