Application login using installed certificate

Hi,


Currently my application accepts a user name and password to log in. Let me know whether there is any alternative way to do the login process in a secure way other than the user typing a user name and password. Is it possible to do this with a certificate installed on the user device through mail or MDM?

Accepted Reply

Is it possible to do this with a certificate installed on the user device through mail or MDM?

No. Such certificates (actually digital identities) go into an Apple ‘slice’ of the keychain, which you don’t have access to. QA1745 Making Certificates and Keys Available To Your App has the details.

If you’re working in an enterprise environment (seems likely given that you mentioned MDM), the best option is to support Single Sign-On (SSO). This allows your app to access secure resources without any extra code on your part. If necessary you can use SSO to ‘bootstrap’ your certificate-based authentication, that is, use SSO to download a PKCS#12 holding a digital identity that you can import into your ‘slice’ of the keychain, and thence use for authentication with other services.

If that’s not feasible then the only reasonable way to support digital identities for authentication is to provide your own infrastructure for importing them into your app.

ps IMHO it would be really nice if configuration profiles provided some way to configure the keychain access group into which digital identities get placed. If you think that’d be useful to you, I encourage you to file an enhancement request describing your requirements. While we may have seen similar requests many times before, a fresh bug report will allow you to express your needs in your own terms, and allow iOS engineering to gauge the level of demand.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
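
The import-then-authenticate path described in the accepted reply, as an added example that is not part of the original thread or Apple's own sample code. It assumes the app has already obtained the PKCS#12 data and its password through its own delivery mechanism; the `label` value, the error type and the delegate class name are hypothetical.

```swift
import Foundation
import Security

enum IdentityImportError: Error { case pkcs12(OSStatus), noIdentity, keychain(OSStatus) }

// Parses PKCS#12 data and stores the first digital identity it contains in the
// app's own keychain access group under `label` (a hypothetical name).
func importIdentity(pkcs12 data: Data, password: String, label: String) throws -> SecIdentity {
    var items: CFArray?
    let options = [kSecImportExportPassphrase as String: password] as CFDictionary
    let status = SecPKCS12Import(data as CFData, options, &items)
    guard status == errSecSuccess else { throw IdentityImportError.pkcs12(status) }

    guard let first = (items as? [[String: Any]])?.first,
          let value = first[kSecImportItemIdentity as String] else {
        throw IdentityImportError.noIdentity
    }
    let identity = value as! SecIdentity

    // Keep the private key on this device only, readable while the device is unlocked.
    let add: [String: Any] = [
        kSecValueRef as String: identity,
        kSecAttrLabel as String: label,
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    ]
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess || addStatus == errSecDuplicateItem else {
        throw IdentityImportError.keychain(addStatus)
    }
    return identity
}

// Session delegate that answers TLS client-certificate challenges with the identity.
final class ClientCertDelegate: NSObject, URLSessionDelegate {
    let identity: SecIdentity
    init(identity: SecIdentity) { self.identity = identity }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod
                == NSURLAuthenticationMethodClientCertificate else {
            completionHandler(.performDefaultHandling, nil)  // e.g. server trust evaluation
            return
        }
        let credential = URLCredential(identity: identity, certificates: nil, persistence: .forSession)
        completionHandler(.useCredential, credential)
    }
}
```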

Replies

Hi Eskimo,


Thanks a lot for your quick reply.


We are in Enterprise application development and Single Sign-On is feasible.


It will be really helpful if you can provide some help or tutorial links to understand how to implement SSO.

It will be really helpful if you can provide some help or tutorial links to understand how to implement SSO.

I don’t have any direct experience setting up SSO myself (I’ve never needed to because it has no developer surface). I usually direct questions like this to the iOS Deployment Reference and, if that doesn't help, the Apple Support Communities, run by AppleCare and specifically one of the In Business and Education topic areas. The folks over there have more experience with issues like this.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"