Having used such as WAB to talk to AAD on a windows phone 8.1 and even used its cookie container so other apps can benefit from the IDPs cookies when getting their own tokens, how does one then launch a native browser to a webapp site WITH SSO experience?
One cannot just do a sp-initiated flow, on navigating to the site - since the browser has no cookes (not being having access to the WAB's cookie container). but, we DO have the bearer JWT token, of course. ws-federation with JWT works, for those WIF-sites extended with the JWT securitytoken handler that augments the token handling capabilities of the ws-federation protocol handler, of course
So whats the model?
Yes, I know it doesn't fit any of the "models" nicely laid out in Stuart Kwan's Build presentation. But, its also reality. If one uses the priceline app and one reaches the limit of its native functionality, it launches the phone's browser on the pricline web app ..to get the user to the "full experience" available only at the site. Obviously, we want SSO....with that phone handoff from native app to browser.