public class SLSUserIdentityDiscovery : UserIdentityObtaining

SLS User Identity Discovery


  1. [Create UserIdentityObserver]
  2. Start request to Resource URL

Create UserIdentityObserver convenient way

The most convenient way is to let the observer to create the SLSUserIdentityDiscovery instance. See also UserIdentityObserver()

// create the observer
let userIdentityObserver = UserIdentityObserver(slsConfigurationParameters: SLSConfigurationParameters, loginInputDelegate: SLSLoginInputDelegate, identityStore: UserIdentityStoring)

// register it to SAPURLSession

Create SLSUserIdentityDiscovery

let baseURL = URL(string: "<#Your SLS Server URL#>")!
let profile = "<#Your Profile Code#>"
guard let slsConfigurationParameters = SLSConfigurationParameters(baseURL: baseURL, profile: profile) else {
    // Handle error of invalid url or wrongly formatted profile code

let slsUserIdentityDiscovery = SLSUserIdentityDiscovery(slsConfigurationParameters: slsConfigurationParameters, userInputDelegate: self)

Create UserIdentityObserver

Another convenient way is to pass the SLSUserIdentityDiscovery instance to a UserIdentityObserver. See also UserIdentityObserver()

// create the observer
let userIdentityObserver = UserIdentityObserver(userIdentityDiscovery: slsUserIdentityDiscovery, identityStore: self)

// register it to SAPURLSession

Start request to Resource URL

let request = URLRequest(url: <#resourceURL#>)
let dataTask = sapURLSessionForResource.dataTask(with: request) { data, response, error in
    // Handle the error and the response

Implement the SLSLoginInputDelegate

// Called when information is needed by the user
func slsUserIdentityDiscovery(_ sls: SLSUserIdentityDiscovery, needsInputForLogin userInputForLogin: SLSLoginInput, completionHandler: @escaping ([SLSLoginInputFieldValue]?, Error?) -> Void) {
  // Show a UI with input fields from the SLSLoginInput
  // Call the completionHandler with the given parameters
  var loginInputFieldValues = [SLSLoginInputFieldValue]()
  loginInputFieldValues.append(SLSLoginInputFieldValue(fieldName: <#fieldName#>, value: <#value#>))
  completionHandler(loginInputFieldValues, nil)

// Called when there are no more request for the user
func slsUserIdentityDiscoveryDidFinishReceivingInput(_ sls: SLSUserIdentityDiscovery) {
  // Dismiss the UI

General flow obtaining user identity

Certificate discovery is automatic when using a UserIdentityObserver that is registered to a SAPURLSession. The UserIdentityObserver can be used with the SLSUserIdentityDiscovery to obtain the certificate from the Secure Login Server (SLS).

  1. The application initiates a request to the resource server which requires a user identity resulting in a challenge in the SAPURLSession.
  2. The UserIdentityObserver calls the application using the UserIdentityStoring protocol. If there is no valid identity, the observer calls the SLSUserIdentityDiscovery to obtain a certificate.
  3. The SLSUserIdentityDiscovery initiates a request to the Secure Login Server to get the certificate attributes which triggers an authentication flow. The authentication consist of one or more steps. The authentication process can be satisfied using the SLSLoginInputDelegate. After a successful authentication, the certificate parameters are downloaded.
  4. The SLSUserIdentityDiscovery generates a private key to sign the Certificate Signing Request (CSR) and to create the identity later.
  5. The certificate parameters are used to create a CSR, which is sent to the Secure Login Server which creates the certificate.
  6. The SLSUserIdentityDiscovery creates a SecIdentity using this certificate and the generated private key.
  7. The identity is transformed to a PKCS #12 Data which will be passed to the caller as the result.
  8. This Data is passed to UserIdentityObserver.
  9. The UserIdentityObserver calls the UserIdentityStoring delegate and passes the Data to it.
    This Data should be stored securely and provided later if the component needs an identity.
  10. The original request to the resource server restarts automatically so the next time the server challenges for an identity, it is accessible.

Component to retrieve a User certificate from Secure Login Server

  • Initializer of SLSUserIdentityDiscovery



    public init(slsConfigurationParameters: SLSConfigurationParameters, loginInputDelegate: SLSLoginInputDelegate, sapURLSession: SAPURLSession = SAPURLSession())



    input parameters to be able to connect to the SLS server


    the application should implement the SLSLoginInputDelegate to provide additional information form the user


    optional SAPURLSession for the communication

  • Obtain the user identity. The process covers the getting of certificate attributes, create CSR, and getting the certificate.



    public func obtainUserIdentity(completionHandler: @escaping (Data?, Error?) -> Void)



    Result with Data and Error. The Data is the PKCS #12 formatted SecIdentity that received from the server.