Pavan Kandalam

Reputation: 29

How to read the certificate from the system keychain in iOS for mutual authentication in the SAP Fiori client

We are implementing a scenario where we develop a custom Fiori client (SAP) for an iOS device. The application initially makes a call to an F5 reverse proxy server for mutual authentication. Here, the (native) application has to read the user certificate from the system keychain of the device and present it to the F5 server for authentication.

The user certificate will be installed as part of enrollment with Microsoft Intune on the device, so the MDM we are using here is Microsoft Intune. As per the solution provided by SAP, the p12 file has to be included in the resources folder of the Xcode project while building the Fiori client, which is not possible due to the client's security policies. So it has to be read dynamically when the user launches the application and presented to the proxy server for further authentication.

Can anyone provide us a feasible solution, through iOS coding or any other means, to achieve this requirement?

Thanks in advance.

Upvotes: 2

Views: 1093

Answers (3)

Stephen J

Reputation: 2397

Use a base64 string and import it using parameters, Intune or a URL. MDM parameters are unencrypted, so I'd recommend using a link. You can add additional security to this by encrypting it, which turns it into a string. Just account for the cert being base64 both before and after the encryption when importing.

Upvotes: 0

user6177399

The following are some options that can be used to provision the client certificate to the iOS Fiori app:

  1. SAP Afaria certificate provider. The device needs to use SAP Afaria as MDM.
  2. SAP Mobile Secure certificate provider. The device needs to use SAP Cloud Platform Mobile Secure as MDM.
  3. Getting a third-party SSO app which can import the client certificate into its keychain, and then sharing the SSO app's keychain with the Fiori app.
  4. Including a client certificate p12 file in the application bundle or downloading the p12 file to the application container at runtime, then using the Kapsel File certificate provider to add the cert to the app keychain.
  5. Sending the client cert file as an email attachment and letting the user import the certificate into the Fiori client.
  6. Implementing a custom certificate provider using the third-party MDM solution provider's SDK to import the client certificate into the application keychain. See "Using a Third-Party Certificate Provider".

Upvotes: 2
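The base64-over-link approach in Stephen J's answer and options 3 and 4 above all end in the same place: a PKCS#12 blob is turned into a SecIdentity in the app's own keychain (optionally in a shared keychain access group), and that identity is what the app presents when the F5 proxy issues a client-certificate challenge. The Swift below is an added example written for this thread, not code from SAP, Kapsel or the Fiori client SDK. The access group `TEAMID.com.example.fiori.shared`, the label `fiori-client-identity`, and the function names are assumptions for illustration; the passphrase and base64 string in the usage sketch are placeholders. Note that a third-party iOS app cannot read a client identity that an MDM profile installed into the system keychain, which is why every option in the answers routes the certificate into the app's keychain first.

```swift
import Foundation
import Security

// Hypothetical keychain access group. To share an identity between an SSO app and
// the Fiori app (option 3), both apps need this group in their Keychain Sharing entitlement.
let sharedAccessGroup = "TEAMID.com.example.fiori.shared"
let identityLabel = "fiori-client-identity"   // assumed label used to find the item again

enum ClientCertError: Error {
    case badBase64
    case importFailed(OSStatus)
    case noIdentity
    case keychain(OSStatus)
}

/// Decode a base64-encoded PKCS#12 blob (e.g. delivered through a link or an MDM
/// parameter, as the answers suggest), import it, and store the identity in the app
/// keychain so later launches never need the p12 bytes again.
func importIdentity(base64P12: String, passphrase: String,
                    accessGroup: String? = nil) throws -> SecIdentity {
    guard let p12Data = Data(base64Encoded: base64P12, options: [.ignoreUnknownCharacters]) else {
        throw ClientCertError.badBase64
    }
    var items: CFArray?
    let options: [String: Any] = [kSecImportExportPassphrase as String: passphrase]
    let status = SecPKCS12Import(p12Data as CFData, options as CFDictionary, &items)
    guard status == errSecSuccess else { throw ClientCertError.importFailed(status) }
    guard let first = (items as? [[String: Any]])?.first,
          let identityRef = first[kSecImportItemIdentity as String] else {
        throw ClientCertError.noIdentity
    }
    let identity = identityRef as! SecIdentity

    var addQuery: [String: Any] = [
        kSecValueRef as String: identity,
        kSecAttrLabel as String: identityLabel,
        // Private key only usable while the device is unlocked and never migrates to backups.
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    ]
    if let group = accessGroup { addQuery[kSecAttrAccessGroup as String] = group }
    let addStatus = SecItemAdd(addQuery as CFDictionary, nil)
    guard addStatus == errSecSuccess || addStatus == errSecDuplicateItem else {
        throw ClientCertError.keychain(addStatus)
    }
    return identity
}

/// Look the identity up again on a later launch (from the app's own keychain or the
/// shared access group); this is the "read dynamically at launch" step from the question.
func loadIdentity(accessGroup: String? = nil) throws -> SecIdentity {
    var query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecAttrLabel as String: identityLabel,
        kSecReturnRef as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    if let group = accessGroup { query[kSecAttrAccessGroup as String] = group }
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let ref = result else { throw ClientCertError.keychain(status) }
    return ref as! SecIdentity
}

/// URLSession delegate that answers the reverse proxy's client-certificate challenge
/// with the stored identity and leaves server trust evaluation to the system default.
final class MutualTLSDelegate: NSObject, URLSessionDelegate {
    private let identity: SecIdentity
    init(identity: SecIdentity) { self.identity = identity }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        var leaf: SecCertificate?
        SecIdentityCopyCertificate(identity, &leaf)
        var chain: [Any] = []
        if let leaf = leaf { chain.append(leaf) }
        let credential = URLCredential(identity: identity, certificates: chain, persistence: .forSession)
        completionHandler(.useCredential, credential)
    }
}

// Usage sketch (placeholders, not a real certificate or passphrase):
// let identity = try importIdentity(base64P12: "<base64 p12 from link>", passphrase: "<p12 passphrase>",
//                                   accessGroup: sharedAccessGroup)
// let session = URLSession(configuration: .default,
//                          delegate: MutualTLSDelegate(identity: identity), delegateQueue: nil)
// session.dataTask(with: URL(string: "https://proxy.example.com/")!).resume()
```

Once the identity is in the keychain, a second app in the same access group can call `loadIdentity(accessGroup: sharedAccessGroup)` without ever seeing the p12, which is the keychain-sharing arrangement option 3 describes. Distributing the p12 through a link rather than an MDM parameter, as Stephen J recommends, keeps the private key out of the unencrypted MDM payload, and the keychain accessibility class above keeps it from leaving the device in backups.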

user6177399

In this blog, Appendix F: Using OAuth with Kapsel, there is a section that demonstrates one app loading a certificate into its keychain and then a second app sharing the first app's keychain so that it can access the certificate.

There is also the concept of writing native code that implements an interface which the logon plugin calls when it requires a certificate. That is described further in "Using the X.509 Certificate Provider Interface to Integrate with Third-Party Certificate Providers" and the SAP Mobile SDK documentation.

Upvotes: 0
