Xamarin Android OAuth with ADFS and ADAL Issues

I am writing a Xamarin.Forms app that uses ADAL to authenticate with.

I am using ADFS for authentication and am only worried about the Android client right now. My problem is, whenever I invoke the AcquireTokenAsync, I get the login screen but with no content.

I have already proved out getting a token from ADFS using Postman and had no issues.

My code (I am just trying to prove this out right now, I don't really care about the implementation):

    string authority = "adfs_url";
    string resourceURI = "myidentity";
    string clientID = "123-123-123";
    string clientReturnURI = "somelocalhost";

    // Second argument is validateAuthority (disabled here for the ADFS authority).
    var authContext = new AuthenticationContext(authority, false);

    // Starts the interactive login on a background task; the result is not used yet.
    Task.Run(async () =>
    {
        var authResultAsync = await authContext.AcquireTokenAsync(resourceURI, clientID, new Uri(clientReturnURI), PlatformParameters);
    });

My platform parameters are being set in the Page Renderer

    protected override void OnElementChanged(ElementChangedEventArgs<Page> e)
    {
        base.OnElementChanged(e);

        this.page = e.NewElement as MainPage;
        this.page.PlatformParameters = new PlatformParameters(this.Context as Activity);
    }

The only lead I have is I get this in my console output

    Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

And I also get this, but it seems to be a red herring (some blog post said it just shows up on Android N devices, which is the SDK level I am using):

    Rejecting re-init on previously-failed class java.lang.Class: java.lang.NoClassDefFoundError: Failed resolution of: Landroid/webkit/TracingController;

Any help on this would be greatly appreciated, I have really been banging my head against it for a couple of days.

Answers

  • jezhjezh Member, Xamarin Team Xamurai

    From the error java.security.cert.CertPathValidatorException: Trust anchor for certification path not found, we can know that your request is not trusted by the server. You can check the trusted credentials in your device to make sure it contains the root certificate and intermediate certificate.
    You basically have four potential solutions to fix a "Not Trusted" exception on Android using httpclient:
    1. Trust all certificates. Don't do this, unless you really know what you're doing.
    2. Create a custom SSLSocketFactory that trusts only your certificate. This works as long as you know exactly which servers you're going to connect to, but as soon as you need to connect to a new server with a different SSL certificate, you'll need to update your app.
    3. Create a keystore file that contains Android's "master list" of certificates, then add your own. If any of those certs expire down the road, you are responsible for updating them in your app. I can't think of a reason to do this.
    4. Create a custom SSLSocketFactory that uses the built-in certificate KeyStore, but falls back on an alternate KeyStore for anything that fails to verify with the default.

    For more details: https://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https/6378872#6378872
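
Option 4 from the answer above, sketched in C# for a .NET HttpClient as an added example (not code from the original posts or from ADAL): the platform trust store decides first, and only an untrusted chain is retried against one pinned private root. `FallbackTrust` and `privateRoot` are hypothetical names, and the sketch assumes an HTTP handler that honors `ServerCertificateCustomValidationCallback` and a root CA certificate shipped with the app.

```csharp
using System.Linq;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class FallbackTrust
{
    // Assumption: privateRoot is the root CA that issued the ADFS server
    // certificate, loaded by the app (for example from an embedded .cer file).
    public static HttpClientHandler CreateHandler(X509Certificate2 privateRoot)
    {
        return new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => Validate(cert, errors, privateRoot)
        };
    }

    public static bool Validate(X509Certificate2 cert, SslPolicyErrors errors,
                                X509Certificate2 privateRoot)
    {
        // 1. The built-in trust store already accepted the chain.
        if (errors == SslPolicyErrors.None) return true;

        // 2. Only an untrusted chain is retried. A host name mismatch or a
        //    missing certificate stays fatal, alone or combined with chain errors.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(privateRoot);
            // Assumption: the private CA publishes no CRL/OCSP endpoint.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;

            // Still rejects expired certificates, bad signatures and so on.
            if (!chain.Build(cert)) return false;

            // AllowUnknownCertificateAuthority tolerates any root, so the
            // root of the built chain must be exactly the pinned certificate.
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(privateRoot.RawData);
        }
    }
}
```

The callback governs only requests sent through the `HttpClient` built on this handler.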

  • jezhjezh Member, Xamarin Team Xamurai

    Have you got the solution?
