Migrating Parse to AWS - Multiple iOS .p12 Certs - ios

With Parse, it has the ability to support up to 6 certs.
Following these instructions: https://mobile.awsblog.com/post/Tx3NE69QDHI7LJK/Migrating-from-Parse-Push-to-Amazon-SNS
It appears that it only supports 1 cert, would I have to create a new mobile hub project to support the other iOS .p12 certs?

Tim,
You are correct, the Mobile Hub project was designed for a single Application ID and therefore each project supports a single Apple Push Certificate and/or Google GCM credentials. Creating a project for each certificate/app id is one approach because it also adds the proper permissions for each app user to create push endpoints (SNS Platform Endpoints). Platform Endpoints are what SNS associates with the device token to publish directly to those devices.
The only issue with multiple projects is that each project creates a new Cognito Identity Pool and therefore your apps will not be sharing the same identity pool, if that matters to you. For example you have USER A that logs into Facebook on APP A and then downloads APP B and logs in via the same Facebook account. In this case, this user will have the SAME identity across both apps.
The alternative option is to keep the one Mobile Hub project and create an SNS Platform Application for each Apple Push Certificate if these certificates each have a unique App Identifier (App ID).
If you keep the one Mobile Hub project and create multiple SNS Platform Applications for each certificate, you'll need to make the following changes:
1. Change the Bundle Identifier of the App to match the Bundle Identifier of the certificate you uploaded to SNS for your application. (eg. "com.yourdomain.yourappname"). Actually, you need to do this for both options.
2. You'll need to update the IAM roles (created by the Mobile Hub project) by giving each of your apps access to those Platform Applications. For example, each Mobile Hub project sample app has an Authenticated and an UNAuthenticated IAM Role tied to the Cognito Identity Pool for that project. When you enabled Push Notifications and uploaded the .p12, permissions were added to those roles allowing the app users to send their device tokens to SNS and create an SNS Platform Endpoint. Since you can only add one certificate per project, you'll need to update those IAM Roles with permissions to the additional Platform Applications you created in SNS.
I hope you have success with either option.
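The IAM change described in the answer above, sketched as an added example (not code from the original answer or from AWS): it builds a policy statement scoped to the additional SNS Platform Applications and audits an existing role policy for broader SNS grants. The ARNs, account ID, app names and the single-action allowlist are constructed assumptions.

```python
import json

# Constructed placeholder ARNs (region, account ID and app names are not from the post).
PLATFORM_APP_ARNS = [
    "arn:aws:sns:us-east-1:123456789012:app/APNS/AppOne",
    "arn:aws:sns:us-east-1:123456789012:app/APNS/AppTwo",
]
# Assumption: registering a device token only needs this one SNS action.
ALLOWED_ACTIONS = {"sns:createplatformendpoint"}

def _as_list(value):
    """IAM lets Statement/Action/Resource be a single item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def build_policy(platform_app_arns):
    """Allow endpoint creation on exactly the listed platform applications."""
    for arn in platform_app_arns:
        parts = arn.split(":", 5)
        well_formed = len(parts) == 6 and parts[2] == "sns" and parts[5].startswith("app/")
        if not well_formed or "*" in arn:
            raise ValueError(f"not a concrete SNS platform application ARN: {arn}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "RegisterDeviceTokens",
            "Effect": "Allow",
            "Action": "sns:CreatePlatformEndpoint",
            "Resource": sorted(platform_app_arns),
        }],
    }

def audit_policy(policy, expected_arns):
    """Return findings for Allow statements granting more SNS access than intended.

    NotAction/NotResource statements are not evaluated by this sketch.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        sns_actions = [a for a in actions if a == "*" or a.startswith("sns:")]
        if stmt.get("Effect") != "Allow" or not sns_actions:
            continue
        findings += [f"action too broad: {a}" for a in sns_actions if a not in ALLOWED_ACTIONS]
        findings += [f"unexpected resource: {r}" for r in _as_list(stmt.get("Resource"))
                     if r not in expected_arns]
    return findings

if __name__ == "__main__":
    print(json.dumps(build_policy(PLATFORM_APP_ARNS), indent=2))
```

Run the audit against the policies currently attached to both the Authenticated and Unauthenticated roles before adding the new statement, since the unauthenticated role is reachable by any app user.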

Related

Unable to register app (iOS app) on Azure portal

I am following the link to integrate One Drive SDK into an existing iOS app. I have a free account created on azure portal. It's a work account so I can see a default Azure Active Directory.
During this process, I need to register the app on the Azure portal. This link for registering apps and generating app ID does not work in my case.
I am unable to create an app ID or access existing active Azure Directory details. The portal shows me restricted access page as mentioned in this link: https://learn.microsoft.com/en-us/answers/questions/352443/microsoft-azure-free-trial-no-access-to-acitive-di.html. The solutions mentioned in this link do not work for me as those options are not seen on the screen.
Any kind of help in understanding the trouble will be of great help!
This might be due to insufficient permissions as this is a free trial account.
Go to the Overview pane of your subscription and check if there are any directories present.
If not, try creating a free trial account using a Work or school account and there you will be provided with a default directory. Then Create new Azure AD Tenant and then Connect your Azure free subscription to your new Azure AD Directory.
REFERENCES:
Associate a subscription to a directory.
Create a new tenant for your organization.

Can we revoke and download authentication key (for Push notifications) if we lost old one?

In my Appstore account I have already created three authentication keys and I don't have any one of them. Now I am gonna publish one more app to app store which uses push notifications. Since I don't have any old authentication key,
1. Can I revoke and download any old authentication key (which was already used for existing apps)?
2. If it is possible and do so, will there be any issue to existing apps?
As long as there is one active authentication key in your developer account, there shouldn't be any problem with the published apps. You should create a new one and download it, and only after doing so, revoke the old one.

Is it possible to pre-configure apps like OneDrive, DropBox using MDM or Apple Configurator?

I am using MDM to configure Email accounts on the devices using Mail/Exchange ActiveSync payload.
I was wondering if there is a way where I can also configure OneDrive and DropBox accounts using MDM or Apple Configurator.
I know we can install the Apps but is there a way where I can add a specific account too?
Each application has different capabilities for being provisioned as it's being sent down to the device, therefore, there's no easy answer to this.
However, firstly, I'd start with https://appconfig.org which is an initiative to getting developers to use the same format for Managed App Config. This also allows MDM vendors to "read" the Managed app config capabilities of an app, saving you the hassle of having to look this information up on the web.
You'll struggle with Microsoft apps beyond VERY basic capabilities. However, for DropBox, there's some information here: Dropbox EMM support

Firebase or APNS not working

I have an ASP.NET MVC5 Application which I have moved from Microsoft Azure to AWS i.e. Redeployed from Microsoft to AWS. Can moving servers from Azure to AWS affect Firebase service in any way? My push notifications have stopped for my iOS client. Do I need to do something at Apple's end i.e. APNS etc.?
Found the Answer:
I was building a developer App with the developer Profile.
Needed to create an APNS certificate for developer builds.
Needed to upload the APNS to the firebase console.

Mobileiron: iOS App authorization in Active Directory

We are developing an iOS application in Xamarin, which will be distributed via MobileIron. We are also developing the Backend WebServices (rest).
What I need to know is, when a web service call comes to my API, I want to make sure, that the call is coming from a client who is logged-in to my app with his Active-Directory credentials, using MobileIron.
The MobileIron website has plenty of information, but is also a bit chaotic.
What MobileIron products are needed for my use case?
What's the best way to protect my WebServices and allow just requests from our iOS Application with correct AD-Credentials?
Do I need the AppConnect SDK or can I just wrap the iOS Application in MobileIron? If I need the SDK, are there any examples?
Thanks in advance!
Cheers
Immi
Here is one way how it should work, we have this built up in our environment.
Assuming that the target devices are managed by the MobileIron MDM system with MobileIron Core (MDM) & MobileIron Sentry (Gateway -> Intranet).
You can configure MobileIron Sentry in this way, that a webrequest from an AppConnect enabled app (no matter if SDK included or wrapped!) will be authenticated with user certificate from device, Sentry obtains Kerberos ticket from domain controller for the user and then forwards the web request to a website / webservice where Kerberos authentication is enabled and the user has access granted.
There are many things to configure for this to work (CA, user certificate -> device, service account with delegation configured in AD, SPN for website configured in AD,...) and there is a good support document available from MobileIron to make this up & running.
It's too extensive to describe all steps here.
If this is already setup in the target environment (if there is already another AppConnect app), there are only a few steps left (SPN and MI app-specific AppConnect Config).
The good news is, that the app itself does not have to take care of the authentication. The MobileIron stuff does this on its own...
