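I am trying to integrate SAML with Amazon Cognito through an Android application. I followed a series of YouTube videos by 101apps.co.za, with which I successfully authenticated users that I created manually in the Cognito console itself, both through the hosted UI, using the link format given in their documentation, and through my simple Android application.

In my scenario, I am supposed to authenticate users with their Office 365 email ID and password, since this is a corporate environment.

I did follow an article and managed to sign in with Office 365.

Link - AWS Cognito federation with Office 365: https://www.idea11.com.au/how-to-set-up-aws-cognito-federation-office365/

I was able to sign in easily using the UI generated by Cognito. See the image below.

The only problem is that I cannot get it to work in my Android application. Below is the error I get.

```
Login failed User does not exist. (Service: AmazonCognitoIdentityProvider; Status Code: 400; Error Code: UserNotFoundException; Request ID: 3cd1e93e-d118-11e8-af77-098f4bda99f1)
```

Below is the code for my simple Android application, which has 2 text boxes for the username and password and a login button. It was implemented following the YouTube tutorial series I mentioned earlier.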
```java
package com.midassafety.chulankumara.googleauthentication;

import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.util.Log;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;

import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoDevice;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserSession;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationDetails;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.ChallengeContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.MultiFactorAuthenticationContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.handlers.AuthenticationHandler;

import org.w3c.dom.Text;

public class LoginActivity extends AppCompatActivity {

    private static final String TAG = "Cognito";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_login);

        final EditText editTextUsername = findViewById(R.id.username);
        final EditText editTextPassword = findViewById(R.id.password);

        // Callbacks invoked by the SDK while it obtains a session for the user
        final AuthenticationHandler authenticationHandler = new AuthenticationHandler() {
            @Override
            public void onSuccess(CognitoUserSession cognitoUserSession, CognitoDevice cognitoDevice) {
                Log.i(TAG, "Login successful, can get tokens here");
                cognitoUserSession.getIdToken();
            }

            @Override
            public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) {
                Log.i(TAG, "Login getAuthenticationDetails()...");
                /* need to get the userId & password to continue */
                AuthenticationDetails authenticationDetails = new AuthenticationDetails(userId, String.valueOf(editTextPassword.getText()), null);
                // Pass the user sign-in credentials to the continuation
                authenticationContinuation.setAuthenticationDetails(authenticationDetails);
                // Allow this sign-in to continue
                authenticationContinuation.continueTask();
            }

            @Override
            public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) {
                Log.i(TAG, "Login getMFACode()...");
            }

            @Override
            public void authenticationChallenge(ChallengeContinuation challengeContinuation) {
                Log.i(TAG, "Login authenticationChallenge()...");
            }

            @Override
            public void onFailure(Exception e) {
                Log.i(TAG, "Login failed " + e.getLocalizedMessage());
            }
        };

        Button buttonLogin = findViewById(R.id.login);
        buttonLogin.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                CognitoSettings cognitoSettings = new CognitoSettings(LoginActivity.this);
                // Get the user object for the typed username from the user pool
                CognitoUser thisUser = cognitoSettings.getUserPool().getUser(String.valueOf(editTextUsername.getText()));
                Log.i(TAG, "Login button clicked....");
                // Request a session; results are delivered to authenticationHandler
                thisUser.getSessionInBackground(authenticationHandler);
            }
        });
    }
}
```
Here is the CognitoSettings.java class that handles the basic settings:
```java
package com.midassafety.chulankumara.googleauthentication;

import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.v7.app.AppCompatActivity;
import android.util.Log;
import android.view.Gravity;
import android.view.View;
import android.widget.Button;
import android.widget.TextView;
import android.widget.Toast;

import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserPool;
import com.amazonaws.regions.Regions;

public class CognitoSettings {

    // User pool and app client settings (values redacted)
    private String userPoolId = "ap-southeast-1_######";
    private String clientId = "#############";
    private String clientSecret = "************************redacted********************";
    private Regions cognitoRegion = Regions.AP_SOUTHEAST_1;

    private Context context;

    public CognitoSettings(Context context) {
        this.context = context;
    }

    public String getUserPoolId() {
        return userPoolId;
    }

    public String getClientId() {
        return clientId;
    }

    public String getClientSecret() {
        return clientSecret;
    }

    public Regions getCognitoRegion() {
        return cognitoRegion;
    }

    // Build a user pool object from the settings above
    public CognitoUserPool getUserPool() {
        return new CognitoUserPool(context, userPoolId, clientId, clientSecret, cognitoRegion);
    }
}
```
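I checked the UserPool and can see the auto-generated group for the SAML identity provider I created.

I have been browsing the internet for a whole day, but with no luck.

What am I doing wrong, or are there more steps I should take to authenticate users using SAML and O365?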