I am creating an iPhone app where we want to use x.509 certificates for client authentication. The user can install their cert from an email... It shows up under Settings -> General -> Profiles...
However I am unable to read these certificate from my app...
I want to provide an interface similar to provided by Junos Pulse VPN client... A configuration window listing all the certificates in the device keychain and let the user select their identity.
How do I go about achieving this???
The Junos Pulse app is apparently getting its access via a VPN plugin which is a private API supplied by Apple on an invitation-only basis. That API is giving the app access to those certificates otherwise accessible only to built-in iOS apps like Safari.
Review the following which were very helpful when I was researching the topic:
iOS get Configuration Profiles that are installed
(Apple Development post linked in one of the answers)
https://devforums.apple.com/message/660579#660579
You cannot access that keychain. And, yes, use search.
From Apple Docs:
The iOS gives an application access to only its own keychain items.
Read more here: Keychain Services Programming Guide
Related
I am trying to set up a custom SAML Web app with auto provisioning in my google admin. I am able to create an custom SAML Web app but the auto provisioning feature is not available. As per this community link there are a bunch of other apps which provide auto provisioning. I couldn’t find a way to setup a custom one.
I am creating a custom SAML Web app by following steps:
Logging into google admin
App -> Web and Mobile Apps -> Add App -> Add custom SAML App
Below is how it looks after i create few apps already present in the apps list and when i create a custom SAML App. The custom app clearly does not have the User auto provisioning or there is a setting for the same which i am missing.
How do i set up auto provisioning for custom SAML Web app?
Please help!
Currently there is no support for auto-provisioning on custom SAML apps. In their release blog post Google explains how this works:
Following this launch, admins will be able to set up automated user provisioning and deprovisioning for Salesforce.com and other apps (with support for more applications coming soon).
These are apps that they are specifically adding support to. Since then they have been steadily adding more apps to their catalog, but it's still a predefined list. All SPs have different APIs to provision users so it is probably not so easy to create an interface that will be able to connect with any of them, so Google seems to be sticking to implementing them one by one.
The link that you shared contains another link to Apps that support automated provisioning, which has the full list of supported apps. Any app outside of this list won't have auto-provisioning available.
I'm using this Flutter package to interface with the Google game service https://pub.dev/packages/games_services
I think I configured the game service in Google play console correctly and implemented codes in my project. Although my app is showing and submitting the score to the iOS game center, but my app can not show the leaderboard nor submitting a score as well.
I published my app in the Google play console and linked this app in the Game service in Google play console. Actually I set up the Firebase AdMob as well, so I configured my app with the SHA1 fingerprint through the Firebase(It created the OAuth ClientID, etc. automatically in Google API console) before I linked my app in Google game service.
I'm suspicious that the credentials including OAuth ClientID, etc. were not created by Google play console.
Can anybody give me a tip to resolve this issue?
Do you mean that your leaderboards are running correctly in iOS game center?
If not, you may have to make sure that your implementation is correct first.
If you suspect it's an OAuth credentials issue, you can try linking a second SHA1 fingerprint as described in Google's official documentation.
In "Check the certificate fingerprint" section:
Note: If you are debugging your game using your debug certificate but
have configured games services using your release certificate, you
should add a second linked app using the same package name and your
debug certificate's SHA1 fingerprint. This will allow you to sign in
to the application whether it's signed with the debug or release
certificates.
Google Play Console default has a managed App Signing feature that will replace your upload key with a Google-managed key, which may cause fingerprint mismatch that you described.
I have to push an update of app (I got the source code from the client and done some minor changes). I asked client for Apple dev login credentials but he is not willing to give me(it's obvious) however he asked me what info do I need from him. I know that I have to use the same distribution profile for creating the IPA. What else do I need from him in order to build the binary? e.g. Distribution Key in Keychain access etc.
Thanks
As your client don't want to provide Apple dev login credentials so it's not possible form your side. Because when you will going to submit your app you need to login to iTunes Connect.
So better I'll suggest you to submit you code to client and give him instructions (from installing xCode to uploading app) to upload your app as a new version.
I am currently about to start work on an iOS app for somebody but they have there own Apple Developer account which they would like to us. How do I go about setting my MAC up so that I can use their account to build, develop and test their app on my Devices?
I am assuming that I will need to create a separate user account on my MAC. I have done this but when I try to install the certificates that they have created I get errors such as "Valid signing identity not found".
Why could Apple not make this process simple, I am always having to refer back to the documentation and still get confused just to start creating a new app!
You do not have to create a new user account on your Mac for this, but I know some developers prefer to have separate accounts when they are working with more than one developer account, for ease of development & distribution provisioning profiles.
If your client adds you (by Apple ID --> email address) as a team member to their account (assuming their account belongs to a company and not an individual) then you can start the development process by requesting and later receiving a signed development certificate. You'll then also need the required provisioning profile(s) to develop/distribute builds of the app.
No, you won't need to create separate account. Xcode provide the facility to use several provisioning profile and certificate at the same time.
For more information check this thread - Multiple Certificates/Provisioning Profiles in one Xcode organizer?
First of all you don't need to create new account on your Mac to develop iOS application. In Xcode 4 it become very easy to start developing and signing application. All you need to do is go to Organizer (most right button on Xcode toolbar). In Provisioning Profiles section you can see Refresh button on the botoom of the screen. When you click it ask you about your developer account information such as account name and password. Then it tries to install all profiles and certificates to your Mac automatically. Then you could select your profile and sign your app. If automatically install fails, check yourself that you download all you need for this.
Create keys on your mac and submit to Apple.
Download your certificate and WWDR certificate. Two!!!!
Add your device to the devices section and create Development certificate (Distribution as well ). Download it manually or via refresh in Xcode Organizer.
Hope it helps. Sergey!
Once you have your Apple Developer Account Credentials, You can follow gist I have created:
Apple's Code Signing Process
I have read the secure coding guide provided by Apple. I am looking at developing a financial application. What are the best methods to authenticate the user? Are there any specific guidelines for finance applications (relating to security) given by Apple?
Just generic wisdom:
Don't store the password in plain text. Although the typical user can't access files inside of an iPhone, a jailbroken iPhone has full root access and will be able to peer inside the bundle, and can easily read a plain text file called "userPass.txt." Instead, use the iPhone's keychain to store logins and passwords.
As evidenced by PayPal's iOS security blunder that just happened, be sure to use a secure HTTPS connection when authenticating to a server. Someone packet sniffing on an open WiFi network is able to exploit the current iOS PayPal app and get credentials out of the air.