如果您需要将您的移动应用用户对一个SAML 2.0 IDP进行身份验证，那么你就不会建设成机器人（或iOS）这一点。***的做法是让你的移动应用程序使用OAuthv2和交换/由IDP为本地SP产生一个SAML响应OAuth的令牌。从本质上讲，应用程序将启动浏览器的WebView瓦特/在你的应用开展了SAML的Web SSO配置文件，这将导致您的AS给你的移动应用程序OAuth凭证。它不是必需的在这类情况下要使用OAuth，但它会增加安全性与;你的移动应用标准的支持。

If you need to authenticate your mobile app users against a SAML 2.0 IDP, then you would NOT build this into Android (or iOS). Best practice would be to have your mobile app use OAuthv2 and exchange a SAML Response generated by the IDP for your local SP/AS OAuth token. Essentially, the application would launch the WebView browser w/in your application to carry out the SAML Web SSO profile which would result in your AS giving your mobile app an OAuth token. It's not required to use OAuth in this type of scenario, but it will add security & standard support to your mobile application.

中国平安身份[注：我不平安工作]做大量的工作，使SAML / OAuth的快速和容易的SaaS提供商来实现（超过250 SaaS供应商和增长）。请查看 https://www.pingidentity.com/products/pingfederate/secure -mobile-access.cfm

Ping Identity [Note: I do work for Ping] has done a ton of work to make SAML/OAuth quick and easy for SaaS Providers to implement (over 250 SaaS Providers and growing). Check out https://www.pingidentity.com/products/pingfederate/secure-mobile-access.cfm

HTH = -
伊恩

HTH =- Ian