Skip to content
Daniel Dobalian edited this page Jun 20, 2018 · 6 revisions

SSO with ADAL Android

Basics

Single Sign-On (SSO) enables users to only enter their credentials once and have the session automatically work across applications they may use (after having consented and provisioned those apps initially). This provides a magical experience to your customers and reduces the drop off of a sign in page.

Azure AD provides several ways to achieve SSO as a platform, and this library allows Android apps to take advantage of these mechanisms.

For a full doc on this topic, checkout Azure AD SSO on Android.

Token Brokers

Microsoft provides applications on all platforms, including Android, to allow for bridging of credentials across applications via a centralized application that manages the user's identity. This centralized app is called a token broker. They can be downloaded in the Google Play store:

Broker assisted SSO

  1. Configure the token broker Using broker assisted SSO is simple and easy to configure. You'll need to use the AuthenticationSesstings optional configure to enable broker,

    AuthenticationSessings.Instance.setUseBroker(true);

  2. Configure reply/redirect URIs

    • Next, you'll need to configure a special reply/redirect URI using the certificate fingerprint in the Google play store. This can be found using a few mechanisms, here's a helpful StackOverflow post contianing a method capable of producing the cert fingerprint of your app.

    • Once you have the cert fingerprint of your app, you can configure your need reply/redirect URI in the Azure portal using the following format,

    msauth://packagename/Base64UrlEncodedSignature(Cert fingerprint)

    For example,

    msauth://com.example.userapp/IcB5PxIyvbLkbFVtBI%2FitkW%2Fejk%3D

    • Make sure to update the new reply/redirect uri in your app's code.
  3. Configure app permissions to use the token broker.

    Add the following permissions in your AndroidManfiest.xml,

    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
    <uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
    <uses-permission android:name="android.permission.USE_CREDENTIALS" />
    
Clone this wiki locally