We are in requirement of implementation of SAML spec using shibboleth through restful APIs for communication between mobile client and our server. Basic flow for the login is as follows :
Social login flow would be something like this :
Can anyone provide with inputs if this is the right approach and if this is possible or not.
Also once the token is received on the mobile client the mobile client needs to be able to authenticate the user via a client side idp when the device is offline. Is there a version of shibboleth idp for mobile client which can be used for client side validation.
Note mobile clients here referred to are Android and iOS.