If you have an app where users need to authenticate, you can improve security by adding federated authentication to your app. You If you will implement federated authentication you should use OpenID Connect OpenID Connect as an identity layer. This will allow your client to verify the identity of the end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user. SURFnet offers a code base you can embed in your code. SAML is not suited for this. Read on to learn more about adding federated authentication in your app.
...
One of the most heard objectives to ‘doing login right’ is that the user-flow or user-experience is worse than when you just offer input fields for a user id and a password. This might be true but realize that companies like Google, Facebook and the Internet Engineering Task Force use and recommend the this simply because this helps keeping the end user secure which is of the utmost importance.
...
We blogged about our SURF software development kits to have federated login to native applications (the right way).
Questions
If you want more information, please email Raoul.teeuwen@surfnet.nl or contact us at support@surfconext.nl.