SLSUserIdentityDiscovery
public class SLSUserIdentityDiscovery : UserIdentityObtaining
SLS User Identity Discovery
Usage
- Convenience mode
  - Create UserIdentityObserver
- Customizable mode
  - Create SLSUserIdentityDiscovery
  - Create UserIdentityObserver
- Start request to Resource URL
Create UserIdentityObserver convenient way
The most convenient way is to let the observer create the SLSUserIdentityDiscovery instance.
See also UserIdentityObserver()
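// create the observer; it creates the SLSUserIdentityDiscovery instance itself
// slsConfigurationParameters is built as shown under "Create SLSUserIdentityDiscovery";
// self implements SLSLoginInputDelegate and UserIdentityStoring
let userIdentityObserver = UserIdentityObserver(slsConfigurationParameters: slsConfigurationParameters, loginInputDelegate: self, identityStore: self)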
// register it to SAPURLSession
sapURLSessionForResource.register(userIdentityObserver)
Create SLSUserIdentityDiscovery
let baseURL = URL(string: "<#Your SLS Server URL#>")!
let profile = "<#Your Profile Code#>"
guard let slsConfigurationParameters = SLSConfigurationParameters(baseURL: baseURL, profile: profile) else {
    // Handle the error: invalid URL or wrongly formatted profile code
    return
}
// self implements SLSLoginInputDelegate
let slsUserIdentityDiscovery = SLSUserIdentityDiscovery(slsConfigurationParameters: slsConfigurationParameters, loginInputDelegate: self)
Create UserIdentityObserver
Another convenient way is to pass the SLSUserIdentityDiscovery instance to a UserIdentityObserver.
See also UserIdentityObserver()
// create the observer
let userIdentityObserver = UserIdentityObserver(userIdentityDiscovery: slsUserIdentityDiscovery, identityStore: self)
// register it to SAPURLSession
sapURLSessionForResource.register(userIdentityObserver)
Start request to Resource URL
let request = URLRequest(url: <#resourceURL#>)
let dataTask = sapURLSessionForResource.dataTask(with: request) { data, response, error in
    // Handle the error and the response
}
dataTask.resume()
Implement the SLSLoginInputDelegate
// Called when input is needed from the user
func slsUserIdentityDiscovery(_ sls: SLSUserIdentityDiscovery, needsInputForLogin userInputForLogin: SLSLoginInput, completionHandler: @escaping ([SLSLoginInputFieldValue]?, Error?) -> Void) {
    // Show a UI with input fields from the SLSLoginInput
    // Call the completionHandler with the given parameters
    var loginInputFieldValues = [SLSLoginInputFieldValue]()
    loginInputFieldValues.append(SLSLoginInputFieldValue(fieldName: <#fieldName#>, value: <#value#>))
    completionHandler(loginInputFieldValues, nil)
}
// Called when there are no more requests for the user
func slsUserIdentityDiscoveryDidFinishReceivingInput(_ sls: SLSUserIdentityDiscovery) {
    // Dismiss the UI
}
General flow obtaining user identity
Certificate discovery is automatic when using a UserIdentityObserver that is registered to a SAPURLSession. The UserIdentityObserver can be used with the SLSUserIdentityDiscovery to obtain the certificate from the Secure Login Server (SLS).
- The application initiates a request to the resource server which requires a user identity, resulting in a challenge in the SAPURLSession.
- The UserIdentityObserver calls the application using the UserIdentityStoring protocol. If there is no valid identity, the observer calls the SLSUserIdentityDiscovery to obtain a certificate.
- The SLSUserIdentityDiscovery initiates a request to the Secure Login Server to get the certificate attributes, which triggers an authentication flow. The authentication consists of one or more steps. The authentication process can be satisfied using the SLSLoginInputDelegate. After a successful authentication, the certificate parameters are downloaded.
- The SLSUserIdentityDiscovery generates a private key to sign the Certificate Signing Request (CSR) and to create the identity later.
- The certificate parameters are used to create a CSR, which is sent to the Secure Login Server, which creates the certificate.
- The SLSUserIdentityDiscovery creates a SecIdentity using this certificate and the generated private key.
- The identity is transformed to a PKCS #12 Data which will be passed to the caller as the result.
- This Data is passed to UserIdentityObserver.
- The UserIdentityObserver calls the UserIdentityStoring delegate and passes the Data to it. This Data should be stored securely and provided later if the component needs an identity.
- The original request to the resource server restarts automatically so the next time the server challenges for an identity, it is accessible.
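One way to meet the "stored securely" requirement in the flow above, as an added example that is not part of the SDK or of the original page: a Keychain wrapper that the application's UserIdentityStoring implementation could delegate to. The type name IdentityDataKeychain and its service and account values are assumptions; the UserIdentityStoring method signatures are not shown on this page, so they are left out.

```swift
import Foundation
import Security

// Hypothetical helper (not part of SAPFoundation): keeps the PKCS #12 Data,
// which contains the private key, in the Keychain as a generic-password item.
struct IdentityDataKeychain {
    let service: String   // assumed identifier, for example the app's bundle ID
    let account: String   // assumed label for this user identity

    private var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    // Insert the item, or overwrite it when one already exists.
    func save(_ pkcs12: Data) -> OSStatus {
        var attributes = baseQuery
        attributes[kSecValueData as String] = pkcs12
        // Readable only while the device is unlocked, and never migrated to
        // another device through backup or iCloud Keychain.
        attributes[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let status = SecItemAdd(attributes as CFDictionary, nil)
        guard status == errSecDuplicateItem else { return status }
        let changes: [String: Any] = [
            kSecValueData as String: pkcs12,
            kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly]
        return SecItemUpdate(baseQuery as CFDictionary, changes as CFDictionary)
    }

    // Returns nil when nothing is stored or the item cannot be read.
    func load() -> Data? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess else { return nil }
        return item as? Data
    }

    // Remove the stored identity, for example on logout.
    @discardableResult
    func delete() -> OSStatus {
        SecItemDelete(baseQuery as CFDictionary)
    }
}
```

Writing the Data to UserDefaults or to an unprotected file instead would leave the private key readable from device backups.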
Component to retrieve a User certificate from Secure Login Server
- Initializer of SLSUserIdentityDiscovery
Declaration
Swift
public init(slsConfigurationParameters: SLSConfigurationParameters, loginInputDelegate: SLSLoginInputDelegate, sapURLSession: SAPURLSession = SAPURLSession())
Parameters
slsConfigurationParameters
input parameters to be able to connect to the SLS server
loginInputDelegate
the application should implement the SLSLoginInputDelegate to provide additional information from the user
sapURLSession
optional SAPURLSession for the communication
- Obtain the user identity. The process covers getting the certificate attributes, creating the CSR, and getting the certificate.
Declaration
Swift
public func obtainUserIdentity(completionHandler: @escaping (Data?, Error?) -> Void)
Parameters
completionHandler
Result with Data and Error. The Data is the PKCS #12 formatted SecIdentity that was received from the server.