In this mode the app is used as an authenticator, meaning that the app is only a security instrument. The authentication process itself is started in a browser, where the user enters their username before a push message is sent to the app to request PIN/fingerprint. The resulting SAML response is passed to the customer’s target URL via the browser, identical to how it is done in normal SAML-based Signicat authentication.
1) User provides a username/id
To start the authentication, the user is sent to Signicat, the same way as for the other authentication methods Signicat provides.
The user is asked for a username/id and, optionally, a password. Based on this input, an authentication request is sent to the user’s device in the form of a push message.
2) Start authentication when the push message is received
When the app receives a push message indicating that authentication should be started, it must initiate the authentication process.
For best user experience, the app should support being started or woken up when a push message arrives.
The response from starting the authentication will contain information on what kind of authentication mechanism is to be used (PIN/fingerprint).
3) Ask user for PIN or fingerprint
Based on the kind of authentication requested, the app must ask the user for a PIN or fingerprint before completing the authentication.
4) Receive and verify SAML response
The result of the authentication will be a normal SAML response, which needs to be validated.
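
Because the response reaches the target URL through the user's browser, the receiving service must treat it as untrusted input. The Python below is an added example, not Signicat's code: it shows checks to run after the XML signature has been verified with a vetted SAML library (not shown). It assumes a SAML 2.0 response, and the URLs, IDs and the `check_response` name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SKEW = timedelta(seconds=60)  # assumed clock-skew allowance

# Constructed, unsigned sample with placeholder values (assumes SAML 2.0).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1"
 Destination="https://sp.example/acs" InResponseTo="_req42">
 <p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>
 <a:Assertion ID="_a1"><a:Conditions NotBefore="2024-05-01T12:00:00Z"
  NotOnOrAfter="2024-05-01T12:05:00Z"><a:AudienceRestriction>
  <a:Audience>https://sp.example</a:Audience></a:AudienceRestriction>
 </a:Conditions></a:Assertion></p:Response>"""

def _ts(value):
    # SAML timestamps are UTC, e.g. 2024-05-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_response(xml_text, acs_url, entity_id, request_id, now):
    """Return the failed checks (empty list = all passed). Signature check comes first, elsewhere."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD not allowed"]  # refuse DTDs before parsing
    root = ET.fromstring(xml_text)
    errors = []
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        errors.append("status is not Success")
    if root.get("Destination") != acs_url:       # sent to our endpoint?
        errors.append("Destination mismatch")
    if root.get("InResponseTo") != request_id:   # answers the request we issued?
        errors.append("InResponseTo mismatch")
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:
        return errors + ["expected exactly one Assertion"]
    cond = assertions[0].find("a:Conditions", NS)
    if cond is None:
        return errors + ["Conditions missing"]
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is None or now + SKEW < _ts(nb):
        errors.append("assertion not yet valid")
    if noa is None or now - SKEW >= _ts(noa):
        errors.append("assertion expired")
    audiences = [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    if entity_id not in audiences:
        errors.append("audience mismatch")
    return errors
```

Pass `now` as a timezone-aware UTC `datetime`, and reject the login if the returned list is not empty.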