Using a Third-Party Certificate Provider
SAP Mobile Platform SDK includes a Provider API, which enables apps to download certificates from third-party infrastructures.
Implementing Content from Third-Party Certificate Providers
The CertificateProvider API implements a Logon extension for integrating non-Afaria certificate provider options, for example, MobileIron or AirWatch, or file-system installation.
Creating an Xcode Library Project
To implement the certificate from the your third-party provider, create a new static linked library project in Xcode.
maflogonuing.a min version: 1.203.0
Creating the Certificate Provider Implementation
@interface CertificateProviderSample : NSObject <CertificateProvider>
Implement the getCertificate method:
-(void) getCertificate:(id<CertificateProviderDelegate>)aProviderDelegateIn this method, if the provider implementation requires a UI, the current view controller can be retrieved from the provider delegate instance:
When the SecIdentityRef is created, call the
provider delegate instance:
[pluginDelegate onGetCertificateSuccess:clientIdentity];If any error prevents the return of a valid SecIdentityRef, call this method with an NSError instance:
[pluginDelegate onGetCertificateFailure: anError];After a successful registration, when the application has stopped and restarted, the LogonManager needs the SecIdentityRef again because it is stored only in the provider. Use the getStoredCertificate method:
-(BOOL)getStoredCertificate:(SecIdentityRef *)secIdentityRef error:(NSError **)anErrorWhen you call this method, return the SecIdentityRef that was selected during registration. This is a sync method; therefore, do not show any UI here.If users inadvertently delete the registration or forget the passcode, LogonManager invalidates the registration and calls this method:
-(BOOL) deleteStoredCertificateWithError:(NSError **)anErrorIf the provider can successfully remove the stored certificate, deleteStoredCertificateWithError returns yes. In case of an error, it returns no and the error description.
Setting the CertificateProvider
You can set the CertificateProvider on the
CertificateProviderSample *certificateProviderSample = [[[CertificateProviderSample alloc] init] autorelease]; [logonUIViewManager setCertificateProvider:certificateProviderSample];
If your application does not require a
CertificateProvider, you can remove it by setting
Refreshing a Certificate
The certificate used for registration and communicating with the server might become invalid at some point, for example, if the validity period ends.
- Calls the deleteStoredCertificate method, so CertificateProvider can delete the invalid certificate.
- Calls the getCertificate method to set a new, valid certificate. This method is called only if the deleteStoredCertificate returns yes.