X.509 certificate authentication does not work #293

Closed
Chirag-Chauhan opened this Issue Apr 9, 2015 · 21 comments

Chirag-Chauhan commented Apr 9, 2015

The "Sign in using X.509 certificate" does not automatically pick up the certificate or does not give the popup to select the certificate. I am successfully able to do form based authentication (username/password).

If I try the same process with Safari browser, the option "Sign in using X.509 certificate" does get me a popup to select the certificate.

Any help will be appreciated.

Thanks.

Member

xerners commented Apr 9, 2015

We currently do not support X.509 certificates in the webview of our SDK.

Chirag-Chauhan commented Apr 9, 2015

Thanks a lot for the quick reply.

I even tried wrapping up the iOS native application using Microsoft Intune wrapper. With wrapped application also, I got the same behaviour of X.509 certificate authentication. Here also "Sign in using X.509 certificate" does not automatically pick up the certificate or does not give the popup to select the certificate.

Is there any other approach to achieve the same?

Thanks.

Member

xerners commented Apr 9, 2015

Unfortunately no. We are looking into supporting it but at the moment we don't.

Chirag-Chauhan commented Apr 9, 2015

Thanks for the confirmation.

PeterSelchDahl commented May 28, 2015

Hi Brandon,
What is the timeline and is it on your roadmap now?

Azure Feedback - Please vote for this support:
http://feedback.azure.com/forums/170031-sdk-and-tools/suggestions/8146017-adal-support-for-certificate-authentication-x-509

Member

RandalliLama commented Sep 18, 2015

@PeterSelchDahl Unfortunately we do not have a timeline at this point.

PeterSelchDahl commented Dec 3, 2015

Why has this issue been closed? Have you provided support in collaboration with Apple?

Just looking for a reason

@RPangrle RPangrle reopened this Jan 6, 2016

@RPangrle RPangrle added this to the 2.1 milestone Jan 6, 2016

Contributor

RPangrle commented Jan 8, 2016

This feature will require using the Authenticator and broker, but it does work.

@RPangrle RPangrle closed this Jan 8, 2016

kaushikn commented Mar 30, 2016

We are having the same issue with OneDrive for Business on iOS. It is not picking up the client certificate. Any help on how to get this to work using Authenticator/Broker.

Member

RandalliLama commented Mar 30, 2016

Sign in via certificate is currently supported in limited circumstances. However you need to have the Azure Authenticator installed. It works with the Word, PowerPoint and Excel at this time.

@brandwe Do we have any public docs on this?

@RandalliLama RandalliLama reopened this Mar 30, 2016

kaushikn commented Mar 30, 2016

Thanks Rich.

How is the certificate installed; can the app pull the certificate from the system profile?

Member

RandalliLama commented Mar 30, 2016

@kaushikn Yes, that's exactly where it comes from. The Azure Authenticator invokes a Safari View Controller to do login when it detects that client cert auth is being requested by the server. The Safari View Controller has the same access to certificates that the Safari app has. You should be able to install the cert in the same way you would install a cert that would be used by Safari.

Note: Because of the way the Safari Web Controller works, if you are using the Azure Authenticator for MFA you may be blocked. The Azure Authenticator will not be able to show you an MFA prompt while the SWC is active, and you will not be able to get to your Azure Authenticator OTP codes.

kaushikn commented Mar 30, 2016

Thanks Rich.

I am trying this with One Drive for Business on iOS. I have a certificate installed in my system profile and am trying to use modern authentication with One Drive via our SAML IDP. I presume that One Drive for business is also using Safari Web Controller but for some reason the Safari Web Controller is not able to access the certificate.

The reason I am looking at the Azure Authenticator is to check if it can solve the problem I am having with native One Drive app on iOS.

kaushikn commented Mar 31, 2016

Hi Rich,

Quick follow up question; I am presuming that the reason the OneDrive for Business app does not work is because it is not using the Safari Web Controller but the webview instead?

Member

RandalliLama commented Mar 31, 2016

@kaushikn Have you tried the OneDrive app when the Azure Authenticator is installed? I think that OneDrive should work. Unless you are using the older, separate OneDrive for Business app. There is a combined OneDrive app here that you should try:

https://itunes.apple.com/us/app/onedrive-cloud-storage-for/id477537958?mt=8

And yes, without the Azure Authenticator OneDrive will simply use a webview that does not have access to the system keychain with the appropriate cert.

kaushikn commented Mar 31, 2016

Thanks, will try it out.

kaushikn commented Mar 31, 2016

Thanks a lot Rich. It worked.

derekharkin commented Apr 3, 2016

Would you know if this works on Android too? I didn't see anything specifically referencing support on Android of this feature.

Member

RandalliLama commented Apr 3, 2016

In Android it should work without the Authenticator.

Contributor

anivaros commented Nov 3, 2016

Hello! Can I use CBA to auth user from my app with ADAL on ADFS, not Azure?

Contributor

RPangrle commented Nov 3, 2016

No

anivaros added a commit to anivaros/azure-activedirectory-library-for-objc that referenced this issue Dec 5, 2016
