Operation Manual

Chapter 4 Infrastructure and integration 34
With iOS 7 or later, apps can take advantage of your existing in-house Single Sign-On
infrastructure via Kerberos. The Kerberos authentication system used by iOS 7 or later is
the most commonly deployed Single Sign-On technology in the world. If you have Active
Directory, eDirectory, or Open Directory, it’s likely to already have a Kerberos system in place
that iOS 7 or later can use. iOS devices need to be able to contact the Kerberos service over a
network connection to authenticate users. In iOS 8, certificates can be used to silently renew a
Kerberos ticket, letting users maintain connections to certain services that leverage Kerberos
for authentication.
Supported apps
iOS provides exible support for Kerberos Single Sign-On to any app that uses the
NSURLConnection or NSURLSession class to manage network connections and authentication.
Apple provides all developers with these high-level frameworks to make network connections
seamlessly integrated within their apps. Apple also provides Safari, as an example to help you get
started by using SSO-enabled websites natively.
Congure Single Sign-On
You congure Single Sign-On using conguration proles, which may be either manually
installed or managed with MDM. The Single Sign-On payload allows exible conguration.
Single Sign-On can be open to all apps, or restricted by app identier, service URL, or both.
Simple pattern matching is used for URLs which must begin with either http:// or https://.
The matching is on the entire URL, so be sure that they’re exactly the same. For example, a
URLPrexMatches value of https://www.example.com/ won’t match https://www.example.
com:443/. You may specify http:// or https:// to restrict the use of SSO to either secure or regular
HTTP services. For example, using a URLPrexMatches value of https:// allows the SSO account to
be used only with secure HTTPS services. If a URL matching pattern doesn’t end with a slash (/),
a slash is appended.
The AppIdentierMatches array must contain strings that match app bundle IDs. These strings
may be exact matches (com.mycompany.myapp, for example) or may specify a prex match on
the bundle ID by using the wildcard character (*). The wildcard character must appear after a
period (.), and only at the end of the string (for example, com.mycompany.*). When a wildcard is
given, any app whose bundle ID begins with the prex is granted access to the account.
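The following is an added example, not Apple's implementation or part of this manual: a small Python model of the URLPrefixMatches and AppIdentifierMatches rules described above, useful for checking a payload before it is pushed. It assumes that an empty array means no restriction on that dimension (the "open to all apps" case); the sample URLs and bundle IDs are constructed.

```python
"""Model of the Single Sign-On payload matching rules (constructed example)."""
from typing import Iterable


def normalize_url_pattern(pattern: str) -> str:
    """Validate one URLPrefixMatches entry and append the trailing slash if missing."""
    if not (pattern.startswith("http://") or pattern.startswith("https://")):
        raise ValueError(f"URL pattern must begin with http:// or https://: {pattern!r}")
    return pattern if pattern.endswith("/") else pattern + "/"


def url_allowed(url: str, url_patterns: Iterable[str]) -> bool:
    """Literal prefix match on the whole URL: scheme, host and an explicit
    port all count, so https://www.example.com/ does not cover :443/."""
    return any(url.startswith(normalize_url_pattern(p)) for p in url_patterns)


def validate_app_pattern(pattern: str) -> None:
    """A wildcard is only legal as the final character, directly after a period."""
    if "*" in pattern and (pattern.count("*") != 1 or not pattern.endswith(".*")):
        raise ValueError(f"Wildcard must appear only at the end after a period: {pattern!r}")


def app_allowed(bundle_id: str, app_patterns: Iterable[str]) -> bool:
    """Exact bundle-ID match, or prefix match for com.mycompany.* style entries."""
    for pattern in app_patterns:
        validate_app_pattern(pattern)
        if pattern.endswith(".*"):
            # Keep the period in the prefix so com.mycompany.* cannot match com.mycompanyx.app
            if bundle_id.startswith(pattern[:-1]):
                return True
        elif bundle_id == pattern:
            return True
    return False


def sso_applies(bundle_id: str, url: str,
                app_patterns: list, url_patterns: list) -> bool:
    """Assumption: an empty array imposes no restriction on that dimension."""
    app_ok = not app_patterns or app_allowed(bundle_id, app_patterns)
    url_ok = not url_patterns or url_allowed(url, url_patterns)
    return app_ok and url_ok
```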
Virtual private networks (VPN)
Overview
Secure access to private corporate networks is available in iOS and OS X using established
industry-standard virtual private network (VPN) protocols. Out of the box, iOS and OS X support
Cisco IPSec, L2TP over IPSec, and PPTP. iOS also supports IKEv2. If your organization supports one
of these protocols, no additional network configuration or third-party apps are required in order
to connect Apple devices to your VPN.
iOS and OS X support SSL VPN from popular VPN providers. Like other VPN protocols supported
in iOS and OS X, SSL VPN can be configured manually on the Apple device, or by configuration
profiles or mobile device management.