Forum Discussion

Stevenson_88156
Jul 24, 2013

APM used for Mobile Authentication

I am not sure if this is the right forum to ask this question but I will ask it anyways.

Lately, I have been doing some research on mobile authentication mechanisms and saw a great developer guide from Google on this subject.

https://developers.google.com/accounts/docs/MobileApps

This article talks about using either the OpenID or SAML protocol for authenticating, how to get the token from the HTTP response, and how to use it to secure API calls for the enterprise.

Now, I know that since F5 platform version 11.3 and up, the APM module supports the SAML protocol. Has anyone tried to use the F5 APM product in conjunction with the technique that the Google Developer site had posted? If so, is there a published article on this in F5 DevCentral?

Also, if no one has done this before, can this be done? I am particularly concerned, especially as the article mentions items which I am not sure can be done through F5 APM, which are:

- Using the APM Authentication Cookie as a Security Token

- Setting the cookie name as a well-known name such as auth_token after authentication to issue the token

- Passing the token as an HTTP header parameter rather than as a cookie parameter when the mobile client is executing API calls

- Validating that the token can only be used in API calls and not for web application browsing

- Ensuring that the token doesn't have the typical short lifespan (e.g. 30 mins) of a browser session - it only expires when it is manually revoked or the user's password has been changed

Any thoughts and feedback on this matter would be great. Thank you.
