Xamarin android OAuth with ADFS and ADAL Issues

cmw9706 Member ✭✭

I am writing a Xamarin.Forms app that uses ADAL to authenticate with.

I am using ADFS for authentication and am only worried about the Android client right now. My problem is, whenever I invoke the AcquireTokenAsync, I get the login screen but with no content.

I have already proved out getting a token from ADFS using Postman and had no issues.

My code (I am just trying to prove this out right now, I don't really care about the implementation):

    string authority = "adfs_url";
    string resourceURI = "myidentity";
    string clientID = "123-123-123";
    string clientReturnURI = "somelocalhost";

    var authContext = new AuthenticationContext(authority, false);

    Task.Run(async () =>
    {
        var authResultAsync = await authContext.AcquireTokenAsync(resourceURI, clientID, new Uri(clientReturnURI), PlatformParameters);
    });

My platform parameters are being set in the Page Renderer:

    protected override void OnElementChanged(ElementChangedEventArgs<Page> e)
    {
        base.OnElementChanged(e);

        this.page = e.NewElement as MainPage;
        this.page.PlatformParameters = new PlatformParameters(this.Context as Activity);
    }

The only lead I have is I get this in my console output:

Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

And I also get this, but it seems to be a red herring (some blog post said this just shows up on Android N devices, which is the SDK level I am using):

Rejecting re-init on previously-failed class java.lang.Class: java.lang.NoClassDefFoundError: Failed resolution of: Landroid/webkit/TracingController;

Any help on this would be greatly appreciated, I have really been banging my head against it for a couple of days.

Answers

  • jezh Member, Xamarin Team Xamurai

    From the error java.security.cert.CertPathValidatorException: Trust anchor for certification path not found, we can know that your request is not trusted by the server. You can check the trusted credentials in your device to make sure it contains the root certificate and intermediate certificate.
    You basically have four potential solutions to fix a "Not Trusted" exception on Android using httpclient:
    1. Trust all certificates. Don't do this, unless you really know what you're doing.
    2. Create a custom SSLSocketFactory that trusts only your certificate. This works as long as you know exactly which servers you're going to connect to, but as soon as you need to connect to a new server with a different SSL certificate, you'll need to update your app.
    3. Create a keystore file that contains Android's "master list" of certificates, then add your own. If any of those certs expire down the road, you are responsible for updating them in your app. I can't think of a reason to do this.
    4. Create a custom SSLSocketFactory that uses the built-in certificate KeyStore, but falls back on an alternate KeyStore for anything that fails to verify with the default.

    For more details: https://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https/6378872#6378872
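
Added example, not part of the original thread: a C# probe that connects to the ADFS host and prints the certificate chain and per-element status that the local trust store produces, which separates a missing intermediate from an untrusted root. `ChainProbe` and `adfs.example.com` are placeholders, and the result reflects the trust store of the machine or device the probe runs on.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class ChainProbe // hypothetical helper name
{
    // Returns true only if the local trust store accepts the server's chain.
    public static bool Probe(string host, int port = 443)
    {
        using (var tcp = new TcpClient(host, port))
        using (var tls = new SslStream(tcp.GetStream(), false, Inspect))
        {
            try { tls.AuthenticateAsClient(host); return true; }
            catch (AuthenticationException ex)
            {
                Console.WriteLine("Handshake rejected: " + ex.Message);
                return false;
            }
        }
    }

    // Logs what was built, then fails closed: nothing is trusted that the store rejects.
    static bool Inspect(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Policy errors: " + errors);
        if (chain != null && chain.ChainElements.Count > 0)
        {
            foreach (X509ChainElement el in chain.ChainElements)
            {
                Console.WriteLine("  subject: " + el.Certificate.Subject);
                Console.WriteLine("  issuer : " + el.Certificate.Issuer);
                foreach (X509ChainStatus st in el.ChainElementStatus)
                    Console.WriteLine("    status: " + st.Status + " " + st.StatusInformation);
            }
            // Heuristic: subject == issuer marks a self-signed (root) certificate.
            var last = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            Console.WriteLine(last.Subject == last.Issuer
                ? "Chain ends at a self-signed root; if rejected, that root is not in this trust store."
                : "Chain stops before a root; the server is likely not sending an intermediate.");
        }
        return errors == SslPolicyErrors.None;
    }

    static void Main(string[] args)
    {
        Console.WriteLine(Probe(args.Length > 0 ? args[0] : "adfs.example.com") ? "trusted" : "not trusted");
    }
}
```

A status of `PartialChain` points at the server's certificate bundle, while `UntrustedRoot` points at the issuing CA not being installed on the client.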

  • jezh Member, Xamarin Team Xamurai

    Have you got the solution?

  • wagenheimer Member ✭✭

    Anybody solved this problem and has a Xamarin Forms Solution?

  • cmw9706 Member ✭✭

    You basically can't do this. I attempted all the proposed solutions and they didn't work. There may be a way that you can pull the Xamarin repo and hack the Android HTTP handler to get it to work? But just getting a valid SSL cert is way easier, so do that.

    I ended up just getting my server guy to get me an SSL cert from GoDaddy and it worked fine.
