I am trying to log in to a Flutter application via SAML, this requires loading a Webview at an https endpoint which will then perform some redirects.
As I am developing this application I need to hit a local https endpoint to start the process, which is backed by a self signed certificate. I also have a self signed CA certificate.
I have added the CA certificate to the Android emulator I am using to test (default emulator from Android Studio) and it appears under the "User" tab under Trusted Credentials. However, when I set the Webview to navigate to my local https endpoint it displays a white screen.
I have tested this further by running MITM proxy, installing their cert at mitm.it (which is also installed as a "User" cert), and navigating the Webview to http://google.com. I can watch the traffic and see that it returns a redirect to https://google.com, but the Webview never loads that page and instead displays the white page again. I believe this is because it doesn't trust the User cert for mitm.
I see 2 possible ways of solving this:
- Force webview_flutter to use the User certs and not only System.
- Allow webview_flutter to ignore any certificate errors.