This maybe a really dumb question but has had me stumped for days now. I have setup an MDM server. Then through the iPCU (iPhone Configuration Utility) I push a configuration profile with the relevant checkin and server URLs. I also add a credentials certificate installed on my machine and specify that as the identity.
After I push the profile to the device however, I get the following error...
MDM: Cannot Authenticate. Error: NSError:
Desc : A transaction with the server at https://heshang.abc.lk/MDMServer/checkin has
failed with the status 404.
US Desc: A transaction with the server at https://heshang.abc.lk/MDMServer/checkin has failed with the status 404.
Domain : MCHTTPTransactionErrorDomain
Code : 23001
Type : MCFatalError
Params : (
"https://heshang.abc.lk/MDMServer/checkin",
404
)
I checked whether the check-in url is accessible through device and it is. So what is causing this authentication error that I am getting ? It is not an SSL error either because I have accessed the MDM server via the device (an iPad) and I don't get an HTTPS error when doing so.
What is causing this authentication error ?
The device uses HTTP PUT when it contacts the MDM Server. Can you verify your web server is configured to handle/route an HTTP PUT request correctly?
Related
https://inspector.swagger.io/builder
I have an api hosted locally and needs a client certificate for authentication. I am able to access the API from Fiddler and Postman. For both these I could add the client certificate needed to authenticate with the api. I am not sure how I can provide this client certificate to swagger inspector. Any idea?
I see following error message:
The request has been terminated.
Possible reasons for the error:
Network error: the host is unreachable
Certificate problem: https is specified, but the service is using a self-signed, expired, or otherwise problematic certificate
CORS error: the requested service does not allow requests from other domains. Please try adding the Swagger Inspector Extension in chrome, since it can resolve this issue.
The Swagger Inspector Extension may be disabled. Please try enabling it by going to: chrome://extensions.
My goal is to setup Token Authentication Mode in Azure NotificationHub without using certificate on iOS. I generated the token as it is described here. Then I put the Token, Key ID, Bundle ID and Team ID into NotificationHub Apple(APNS) section (I am pretty sure that this is working, because I tried to change token to different value and there was an error: "Error updating notification hub". This means that all values were saved properly.
In my mobile app I followed this tutorial here. If I try to register user to NotificationHub I have this error:
Foundation.NSErrorException: Error Domain=NSURLErrorDomain Code=-1012 "(null)"
UserInfo={NSErrorFailingURLStringKey=https://dev...NotificationHub/Registrations/?
$filter=deviceToken+eq+''&api-version=2013-04, NSUnderlyingError=0x2811b89c0
{Error Domain=kCFErrorDomainCFNetwork Code=-1012 "(null)"
UserInfo={_kCFURLErrorAuthFailedResponseKey=<NSHTTPURLResponse: 0x281903cc0>
{ URL: https://dev...hubnamespace.servicebus.windows.net/dev...NotificationHub/Registrations/?
$filter=deviceToken+eq+''&api-version=2013-04 } { Status Code: 401, Headers {
"Content-Length" = (
0
);
Date = (
"Wed, 25 Mar 2020 11:51:09 GMT"
);
Server = (
"Microsoft-HTTPAPI/2.0"
);
"Strict-Transport-Security" = (
"max-age=2592000"
);
This means that there is an issue with authentication. Before this I had different testing solution with another NotificationHub. What I did differently that I created certificate in apple.developer.com and used Certificate Authentication Method and then I switched to Token Authentication Method. In this sample testing project everything worked without any issue. In my current project I didn't create certificate for APNS.
My question is if I need to create certificate even if I want to use Token? If so what is the point of creating token if I have to create certificate too?
Sorry for the issues you are encountering.
You are correct - if the Portal let you save the credentials then you have it set up correctly. Notification Hub actually authenticates with APNS on save to verify.
Receiving an authentication error when registering a device indicates there was an authentication issue between your iOS application and Notification Hub itself. There would not have been a corresponding call from the Notification Hubs SDK to APNS itself to get that rejection. I would recommend double checking how you are authenticating with your hub, as it should require both the Listen Access Policy/Connection string and the hub name in order to authenticate and register successfully.
This graphic from the Notification Hub docs (https://learn.microsoft.com/en-us/azure/notification-hubs/notification-hubs-push-notification-registration-management#registration-management-from-the-device) shows what I mean by this:
First of all, I would like to thank to Kyle Kamperschroer for helping me out.
To answer my question - you don't need to create certificate if you are using Token Based Authentication.
My connection string and azure hub name were correct. My issue was that RegisteredForRemoteNotifications method in AppDelegate wasn't called. Then the token was empty and it caused authentication issue in NotificationHub.
I solved this in developer.apple.com. I edited provisioning profile and select proper certificates.
There is also one thing which might probably fixed it. In Identifier section I checked PushNotifications and went through configuration without choosing certificate.
AppleServiceException
System.Security.Authentication.AuthenticationException: A call to SSPI
failed, see inner exception. --->
System.ComponentModel.Win32Exception: An unknown error occurred while
processing the certificate
It looks like a problem with your APNs certificate. Check if the certificate is valid. Ensure that you are using proper certificate for APNs (there are two types of certificate - 1. Development 2. Distribution).
Try looking at this SO question for more details.
iOS Push Notifications AuthenticationException for Certificate
I am receiving the below error when I try to enter my domain, username and password during the iOS enrollment process. I have everything pointing to the domain name of the server, not the IP address. I don't know why its istrying to use the IP to enroll the device as everything is changed to domain names in the config files.
Does anybody have ideas?
Thank you!
[2016-04-15 10:46:27,836] ERROR {org.wso2.carbon.device.mgt.ios.util.OAuthUtils}-
Error occurred while sending 'Post' request due to failure of server connectionjavax.net.ssl.SSLException:
hostname in certificate didn't match: <IP> != <hostname>
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:227)
at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:147)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
When creating SSL certificate then you need to have the domain name as the common name. Also make sure you change config.json files accordingly with the domain name specially when it comes to EMM Jaggeryapps. Also in cdm-config.xml.
I have this setup:
A tomcat server configured to use ssl client certificate authentication (clientAuth=true)
An ipad with a valid client certificate installed on it (emailed as a .p12 file and visible under profiles)
When browsing via ios safari, the ipad uses the client cert and authenticates against the server fine.
However in code, using a NSURLConnection, it won't connect. Debugging on the server shows the client isnt sending and cert at all.
On the client I get an error like this:
Request(https://192.168.1.5:8443/device/security/policy>, 0, 0)) didFailWithError:Error Domain=NSURLErrorDomain Code=-1205 "The server “192.168.1.5” did not accept the certificate." UserInfo=0xe2eae30
{NSErrorFailingURLStringKey=https://192.168.1.5:8443/device/security/policy>, NSErrorFailingURLKey=https://192.168.1.5:8443/device/security/policy>, NSLocalizedDescription=The server “192.168.1.5” did not accept the certificate.,
NSUnderlyingError=0xe2eb250 "The server “192.168.1.5” did not accept the certificate.", NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0xe6ab010>}
I understand I can implement the delegate method for the challenge for the NSURLAuthenticationMethodClientCertificate protection space, but if I do that I dont have the certificate to send, its installed on the device and that isnt accessible via code (is it??)
I tried calling [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge] but that appeared to have no effect.
I was expecting that NSURLConnection would behave as per safari and access the installed certificate, but it appears not. I dont want to have to install the certificate into my app somehow - thats what the built in certificate management is for!
Or am I missing something? Any help appreciated.
Fundamentally you can't get at globally installed certificates from within an app in iOS (as of iOS 8), and the operating system won't help you out by sending them with an NSURLConnection. Safari has special rights to access the certificates. So the only way to use them from within an app is to install them into the app somehow, which makes the whole thing difficult.