SUP PKI/LDAP/Certificate authentication for iOS client

Former Member

Hello Gurus,

We are developing an SAP-SUP-iOS project that requires certificate-based authentication for the iOS client.

Is this kind of authentication supported by SUP?

The idea is that the iOS app will have an X.509 certificate that will be sent to the SUP Authenticator and verified against a separate LDAP server for validity and a separate OCSP server for revocation status. If the certificate passes all the verifications, then the client will be authenticated in SUP.

I found 2 Authentication providers available in SCC but I'm not sure if this is what I need to use: LDAPLoginModule and CertificateValidationLoginModule.

Any help and especially Objective-C code snippets would be greatly appreciated!

Accepted Solutions (1)

Former Member

Hi Elvin

I am on a similar project that uses iOS - SUP - SAP. Though we use user/pwd authentication, certificate is indeed supported. If you check the MBO creation dialog, you have an option to specify runtime credentials, which primarily shows user name and password personalisation parameters. In the box below you can see a number of properties that can be set with personalisation parameters (ensure you click inside the box and you will see it is editable).

You can create a personalisation parameter to pick up a blob, assign it to the certificate field in the MBO and give it to the iOS developer using gen code. The developer should be able to set this personalisation parameter with the certificate on the device.

The only problem is how you will get this certificate across to the device (hope you have an MDM). For example, we have 1000 devices, so we have to send one across to a thousand devices. It also means I have to encrypt the connection with the SUP server to avoid snooping. Most importantly, the certificate will go into your key store in the iOS device, so check how you can secure it from the users.

Regards

Lakshminarayanan.V
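
The answer's closing concern, how the certificate is protected once it sits in the device key store, as an added Objective-C example (not from the original posts, and not SUP or generated MBO code). It assumes the identity reaches the app as a password-protected PKCS#12 blob, for instance via MDM; the function names and the keychain label are hypothetical, and that the personalisation parameter takes the DER-encoded certificate is also an assumption.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Import a PKCS#12 blob and store the identity (certificate + private key)
// in the keychain. Returns a retained identity, or NULL on failure.
SecIdentityRef ImportClientIdentity(NSData *p12, NSString *passphrase, OSStatus *outStatus)
{
    NSDictionary *opts = @{ (__bridge id)kSecImportExportPassphrase : passphrase };
    CFArrayRef items = NULL;
    OSStatus st = SecPKCS12Import((__bridge CFDataRef)p12,
                                  (__bridge CFDictionaryRef)opts, &items);
    if (st != errSecSuccess || items == NULL || CFArrayGetCount(items) == 0) {
        if (items) CFRelease(items);
        if (outStatus) *outStatus = (st != errSecSuccess) ? st : errSecItemNotFound;
        return NULL;
    }
    CFDictionaryRef first = CFArrayGetValueAtIndex(items, 0);
    SecIdentityRef identity =
        (SecIdentityRef)CFDictionaryGetValue(first, kSecImportItemIdentity);
    if (identity) CFRetain(identity);   // keep it alive past the items array
    CFRelease(items);
    if (!identity) {
        if (outStatus) *outStatus = errSecItemNotFound;
        return NULL;
    }
    NSDictionary *add = @{
        (__bridge id)kSecValueRef  : (__bridge id)identity,
        // Hypothetical label; pick one unique to your app.
        (__bridge id)kSecAttrLabel : @"com.example.sup.client-identity",
        // Readable only while the device is unlocked, and never restored
        // onto a different device from a backup.
        (__bridge id)kSecAttrAccessible :
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    };
    st = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    if (st == errSecDuplicateItem) st = errSecSuccess;   // already provisioned
    if (outStatus) *outStatus = st;
    if (st != errSecSuccess) { CFRelease(identity); return NULL; }
    return identity;
}

// DER bytes of the public certificate only (assumed to be what the
// personalisation parameter expects). The private key stays in the keychain.
NSData *CertificateDERForIdentity(SecIdentityRef identity)
{
    SecCertificateRef cert = NULL;
    if (SecIdentityCopyCertificate(identity, &cert) != errSecSuccess || !cert) return nil;
    NSData *der = CFBridgingRelease(SecCertificateCopyData(cert));
    CFRelease(cert);
    return der;
}
```

The caller owns the returned identity and must `CFRelease` it; the PKCS#12 blob and its passphrase should be discarded once the import has succeeded.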

Answers (1)

Former Member

Hi Elvin,

I have a similar requirement here. Could you please share how you implemented this?