iOS Client Certificates and Mobile Device Management


Problem description

Our customers want to use an MDM (mobile device management) solution (MobileIron) to install client certificates onto corporate iOS devices, in order to limit access to certain corporate web services to corporate devices only.

MobileIron installs the client certificate into Settings > General > Profiles, which is the default location for certificates in iOS, and Safari can respond with this certificate when a corporate web service challenges it for one.

But I need the same thing to happen from within a custom app. When our app gets challenged for a certificate, I need to be able to respond with the certificate from Settings > General > Profiles. I have examples of responding with a certificate which is bundled with our app, and with a certificate which our app stores within its own keychain, but I do not have an example of responding with a certificate installed on the device in Settings > General > Profiles.

Can anyone explain to me more about what the NSURLAuthenticationChallengeSender protocol method -performDefaultHandlingForAuthenticationChallenge: does? Does default handling mean that iOS effectively responds to the challenge on behalf of the app? Can this response include a client certificate stored in Settings > General > Profiles?

Update

If the MDM could install a client certificate into the app keychain, that would be perfect.

Recommended answer

Apple tech support pointed me to the following tech note in response:

https://developer.apple.com/library/ios/qa/qa1745/_index.html

To summarise, what we want to do is not supported.
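
The challenge handling the question describes, as an added example (not code from the original post or from Apple): a URLSession delegate that answers a client-certificate challenge with an identity from the app's own keychain and otherwise requests default handling. It uses the URLSession delegate API rather than the NSURLAuthenticationChallengeSender method named in the question; the class name and the keychain label are assumptions.

```swift
import Foundation
import Security

/// Hypothetical delegate: answers TLS client-certificate challenges with an
/// identity (certificate + private key) stored in the app's own keychain.
final class ClientCertificateDelegate: NSObject, URLSessionDelegate {
    // Assumed label under which the app stored its identity earlier.
    private let identityLabel = "com.example.client-identity"

    /// Searches only the keychain access groups this app is entitled to.
    private func loadIdentity() -> SecIdentity? {
        let query: [String: Any] = [
            kSecClass as String: kSecClassIdentity,
            kSecAttrLabel as String: identityLabel,
            kSecReturnRef as String: true,
            kSecMatchLimit as String: kSecMatchLimitOne
        ]
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let ref = item else { return nil }
        return (ref as! SecIdentity)
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod
                == NSURLAuthenticationMethodClientCertificate else {
            // Server trust and other challenge types: leave to the system.
            completionHandler(.performDefaultHandling, nil)
            return
        }
        guard let identity = loadIdentity() else {
            // No identity visible to this app: behave as if this delegate
            // method were not implemented.
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Present the app-owned identity for the lifetime of this session.
        let credential = URLCredential(identity: identity,
                                       certificates: nil,
                                       persistence: .forSession)
        completionHandler(.useCredential, credential)
    }
}
```

The lookup only finds identities the app itself stored; per the answer above, using the certificate installed in Settings > General > Profiles from a custom app is not supported.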
