WKWebView Challenges while authenticating PIV Certificates

Safari & Web General
nehasinha19 OP
Created 1d
Replies 3
Boosts 0
Views 66
Participants 3

Hi,

I have a SAML authentication scenario with MFA(probably Okta) in my app that runs in WKWebView using Cordova. I am currently doing POC to authenticate PIV certificates(either one of the 3 Issuers: DISA Purebred, Intercede and Entrust) in WKWebView with Cordova.

As if now, I have found that WKNavigationDelegate method: didReceive challenge, we can authenticate the certificate. Also, these PIV certificates which are stored in the form of .p12 in Apple's keychain group needs to be imported using function: SecPKCS12Import.

Please let me know if my understanding is correct or if there are any implementation challenges in WKWebView with Cordova. I would highly appreciate if any information regarding this can be provided.

Replies  3
Boosts  0
Views  66
Participants  3
Engineer OP
Apple
1d

It would be best to reach to Cordova about support of WKWebView in Cordova.

0
DTS Engineer OP
Apple
20h

IMPORTANT I definitely can’t help you with the Cordova side of this, but I wanna make sure that what you’re asking for is possible at all.

I’d likely to clarify what you mean by “PIV certificates”. Usually the term PIV refers to Personal Identity Verification, a type of smart card. If that’s the case here then this doesn’t make sense:

Also, these PIV certificates which are stored in the form of .p12 in Apple's keychain group needs to be imported using function: SecPKCS12Import.

Apple platforms expose PIV credentials to apps via the keychain API (SecItem) but that’s not in the form of a .p12 that you import into the keychain using SecPKCS12Import. A .p12 usually holds a digital identity — that is, certificate and the private key associated with the public key in that certificate — and that’s antithetical to PIV, which the private key must never leave the smart card.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
nehasinha19 OP
13h

Hi.

Thanks for your prompt reply.

I am also not concerned about Cordova. I have this new implementation that I need to work on regarding PIV related authentication in WKWebView. Please let me explain the scenario below.

A PIV (Personal Identity Verification) card converts to a digital certificate by essentially extracting the cryptographic key pair stored on the card and embedding it into a digital certificate file, which can then be used for authentication and digital signing purposes. I am intending to use it in my iOS app which uses WKWebView and has Okta SSO for SAML Authentication. I am aware that this PIV digital certificate will be stored in iOS device through MDM.

There are few questions that I have related to this implementation:

  1. As you mentioned that these certificates does not get stored in the form of .p12, then please let me know how and which format do they get stored.

  2. How can I use these digital certificates in my app when the SSO asks for authentication through PIV.

For POC purposes, I have added "didReceiveAuthenticationChallenge" to extract the certificate, but SecPKCS12Import method needs .p12 data and password which is not possible to pass as a parameter.

Please suggest if this implementation is feasible or not as I am stuck and might need to switch to ASWebAuthenticationSession as I found in one of the forums it's suggested that we need to use Kerberos SSO for this to work. https://forums.developer.apple.com/forums/thread/49956?answerId=147943022#147943022

Please guide me if this type of authentication can be achieved with WKWebView with MDM. Also, I am new to this type of authentication and my knowledge is limited to the forums and articles that I am going through.

Thanks,

Neha Sinha

0
WKWebView Challenges while authenticating PIV Certificates
First post date Last post date
 
 
Q