1 Reply Latest reply on May 18, 2015 8:39 PM by dng

    Using Kerberos from an iOS device to access the webapi?

    larsoleruben

      Hi

      Does anyone have experience using Kerberos from an iOS 8.x device to access the webapi?

      I can access the data as anonymous, no problem, but does anyone have code examples or similar using Kerberos?

        • Re: Using Kerberos from an iOS device to access the webapi?
          dng

          We did test this out internally (with Safari); I will provide you with our configuration here. However, please refer to Apple's official documentation on configuring Kerberos on your iOS device for any discrepancies.

           

          First, construct the XML file (e.g. kerberos.mobileconfig) as follows:

           

          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <!-- Customize any area that contains curly brackets {} -->
          <!-- Random GUIDs can be generated here http://www.guidgenerator.com/ -->
          <plist version="1.0"> 
          <dict> 
            <key>PayloadContent</key> 
            <array> 
              <dict> 
                <key>PayloadDisplayName</key> 
                <string>SSO Settings</string> 
                <key>PayloadType</key> 
                <string>com.apple.sso</string> 
                <key>PayloadVersion</key> 
                <integer>1</integer> 
                <key>PayloadUUID</key> 
                <string>{RANDOM GUID 1}</string> 
                <key>PayloadIdentifier</key> 
                <string>com.{COMPANY NAME}.sso</string> 
                <key>Name</key> 
                <string>{COMPANY NAME} Domain</string> 
                <key>Kerberos</key> 
                <dict>   
                  <key>Realm</key> 
                  <string>{KERBEROS REALM_TRY DOMAIN NAME}</string> 
                  <key>URLPrefixMatches</key> 
                  <array> 
                    <string>http://{URL}</string>
                    <!-- <string>https://{URL}</string> -->
                  </array> 
                  <key>AppIdentifierMatches</key> 
                  <array> 
                    <string>com.apple.mobilesafari</string> 
                  </array> 
                </dict> 
              </dict> 
            </array> 
            <key>PayloadOrganization</key> 
            <string>{COMPANY NAME}</string> 
            <key>PayloadDisplayName</key> 
            <string>Single Sign-On Profile</string> 
            <key>PayloadVersion</key> 
            <integer>1</integer> 
            <key>PayloadUUID</key> 
            <string>{RANDOM GUID 2}</string> 
            <key>PayloadIdentifier</key> 
            <string>com.{COMPANY NAME}.sso.profile</string> 
            <key>PayloadDescription</key> 
            <string>Enables Kerberos Authentication</string> 
            <key>PayloadType</key> 
            <string>Configuration</string> 
          </dict> 
          </plist>
          

           

          1. Open the file in Notepad and replace {} with the necessary information. Note that the Kerberos realm name may be the same as the domain name (case-sensitive); some conventions use the domain name as the Kerberos realm name but all capitalized.
          2. After the file is configured correctly, send as an attachment to any email address available on the iOS device. Select the file, install and go through security checks.
          3. Enter the username of the domain account that will be used to authenticate.
          4. Click Done.

           

          Any time you navigate to a URL in Safari that matches the prefixed URL specified in the XML file, you will be prompted with an authentication box that uses Kerberos.

           

          Note: To uninstall, you can remove the configuration profile. Go to Settings > General > Single Sign-On Profile > select Remove.

          3 of 3 people found this helpful
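
An added example, not part of the reply above or of any Apple tooling: a Python script that builds the same profile structure with locally generated UUIDs and checks a profile for leftover {placeholders}, duplicate payload UUIDs, and http:// prefixes, where the Kerberos exchange would travel without TLS. The function names, the identifier slug rule and the example.com values are assumptions.

```python
import plistlib
import re
import uuid


def build_sso_profile(org, realm, url_prefixes, app_ids=("com.apple.mobilesafari",)):
    """Return .mobileconfig bytes using the same keys as the profile in the post."""
    slug = re.sub(r"[^a-z0-9]", "", org.lower())  # assumed rule for com.{COMPANY NAME}
    sso = {
        "PayloadDisplayName": "SSO Settings",
        "PayloadType": "com.apple.sso",
        "PayloadVersion": 1,
        "PayloadUUID": str(uuid.uuid4()).upper(),  # generated locally, no web service
        "PayloadIdentifier": f"com.{slug}.sso",
        "Name": f"{org} Domain",
        "Kerberos": {"Realm": realm, "URLPrefixMatches": list(url_prefixes),
                     "AppIdentifierMatches": list(app_ids)},
    }
    profile = {
        "PayloadContent": [sso],
        "PayloadOrganization": org,
        "PayloadDisplayName": "Single Sign-On Profile",
        "PayloadVersion": 1,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadIdentifier": f"com.{slug}.sso.profile",
        "PayloadDescription": "Enables Kerberos Authentication",
        "PayloadType": "Configuration",
    }
    return plistlib.dumps(profile)


def lint_sso_profile(data):
    """Return findings for a com.apple.sso profile; an empty list means clean."""
    profile = plistlib.loads(data)
    findings, uuids = [], [profile.get("PayloadUUID")]
    for payload in profile.get("PayloadContent", []):
        uuids.append(payload.get("PayloadUUID"))
        for prefix in payload.get("Kerberos", {}).get("URLPrefixMatches", []):
            if prefix.startswith("http://"):
                findings.append(f"cleartext-url:{prefix}")  # no TLS around the exchange
            elif not prefix.startswith("https://"):
                findings.append(f"bad-url-scheme:{prefix}")
    if len(set(uuids)) != len(uuids):
        findings.append("duplicate-payload-uuid")
    if re.search(rb"\{[^{}<>]*\}", data):  # template text such as {URL} left in place
        findings.append("unfilled-placeholder")
    return findings


if __name__ == "__main__":
    # Constructed sample values; example.com is a stand-in, not from the post.
    data = build_sso_profile("Example Corp", "EXAMPLE.COM", ["https://webapi.example.com/"])
    print(lint_sso_profile(data) or "clean")
```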