Single Sign ON (SSO) in iOS 7 Single Sign ON (SSO) in iOS 7 ios ios

Single Sign ON (SSO) in iOS 7


ios single-sign-on ios7

I would recommend watching WWDC 2013 Session 301 "Extending Your Apps for Enterprise and Education Use"

Also, for an overview of an implementation of this functionality this site helps.

Lastly, here is Apple's documentation (available to developers). Look for the heading: Single Sign-On Account Payload.

Configuring SSO on a device will require Apple Configurator to install the profile or an MDM solution for OTA delivery of the SSO profile.

ios single-sign-on ios7

To make SSO (Kerberos) working on iOS7 you need 3 things:

  1. On the server side: Kerberos environment + HTTP SPNego/Kerberos authentication configured. SSO in iOS works only for HTTP(S).

  2. Configuration profile containing:

    • [Obligatory] Your Kerberos realm.
    • [Obligatory] Your Kerberos principal (usually username), this can be left empty - in that case user will be asked to specify it during the profile installation.
    • [Obligatory] List of URL prefixes of the pages allowed to use SSO. Wildcards cannot be used here, if the prefix doesn't end with slash character, it will be automatically appended to it.
    • [Optional] List of bundle IDs allowed to use SSO, if empty all applications are allowed. Wildcards in bundle IDs can be used.

  3. Application that supports it, Safari and WebKit (UIWebView class) do. As described in WWDC 2013 Session Videos number 301, you have to use either NSURLConnection or NSURLSession class. This is a simplified example of the HTTP traffic when authenticating using the SPNego scheme:

Client: GET https://login.example.com/adfs/ls/auth/integrated/?data1=aa&data2=...

Server: 401 Unathorized

+header WWW-Authentificate: Negotiate

Client: GET https://login.example.com/adfs/ls/auth/integrated/?data1=aa&data2=...

+header Authorization: Negotiate [SPNegotInitToken]

Server: 200 OK

+header Authorization: Negotiate [SpnegoTargToken]

+header set-cookie [SESSIONID]

The dialog with prompt for the Kerberos password (if the Kerberos ticket has not yet been granted/expired) will appear after receiving "WWW-Authentificate". Obj-C classes will handle automatically all the redirects and authentication process, so the only thing you need is to make a request to the login URL and allow this URL in the profile.

ios single-sign-on ios7

Enterprise Single Sign On lets user sign in once on their device and let all apps on device use it fo authentication.In case of twitter, links below will be useful for you,

https://dev.twitter.com/discussions/8231.

http://eflorenzano.com/blog/2012/04/18/using-twitter-ios5-integration-single-sign-on/

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last