VMware Workspace ONE Community
floriankr
Contributor
Contributor

airwatch-sdk integrated authentication with user certificate and ionic 4 / cordova

We developed a mobile app for a customer with ionic-cordova framework. The app is a simple frontend for a time tracking system and we're calling a REST API with the ionic native http client. The REST API is hosted on the customers infrastructure and the app have to authenticate it self with a certificate. It's possible to do this with username and password. This works fine and the app is running outside from airwatch without the sdk.


 


The customer wants to deploy the app via ' Airwatch / Workspace ONE'  and uses the integrated authentication with a user specific certificate. We integrated the sdk, how it is described in the documentation, removed all plugins, added the sdk as first plugin and re-added the other plugins again. We implemented the sdkEventListener to get the airwatch container state and this cames up with ' initSuccess'  and the correct username. In the android trusmanager we're able to see the certificate and verify it's distribution. On the device is chrome preinstalled and it's possible to call the API via the web browser. Chrome asks me for a certificate. The same works with the deploeyd ' Workspace ONE - Web'  browser.


 


If we're starting the app, the request is not authenticated. The expected behavior is, that the airwatch-sdk take over the authentication and selects the right certificate automatically or at least start the selection dialog (worked with an older app from 2018).


 


It appears that the certificate will not be used. (This is the Problem)


 


In the documentation this is one of the core features ' The plugin auto-starts on both Android and iOS devices and it automatically starts the AirWatch SDK'  and ' adds the listed features to your application - e. g. Integrated authentication / single sign on' . The SDK profile is configured accordingly ' Integrated Authentication with Certificate' .


 


Is there anyone, who can confirm a working sdk with cordova, ionic and integrated authentication with certificate in a similar environment?


Can anyone report known issues?


Any help would be appreciated.


=========================================================================


Notes:


- In another app from 2018 we developed a ionic 3 app for the same customer. The integrated authentication worked in the old environment. The app was wrapped in the airwatch console. Now wrapping fails for both apps.


- We tried some cordova plugins based on cordova-plugin-client-cer-authentication without success. - Our customer is in contact with the support, too


Environment:


Fedora 30


Android SDK Platform-Tools: 29.0.5


Android SDK Tools 26.1.1


android-minSdkVersion 24


ionic-cli v5.4


ionic/angular 4.7.1


angular/core 8.2.13


cordova 9.0.0


Airwatch / Workspace ONE Console 1903


test device: Galaxy A5 (2017) - Android 8.0.0 (API Level 25) VMWare Intelligent Hub v19.11.1.5


Ionic / Cordova Plugins:


airwatch-sdk-plugin for cordova v1.5.1


cordova-plugin-whitelist 1.3.3


cordova-plugin-statusbar 2.4.2


cordova-plugin-device 2.0.2


cordova-plugin-splashscreen 5.0.2


cordova-plugin-ionic-webview 4.0.0


cordova-plugin-ionic-keyboard 2.0.5


cordova-plugin-badge 0.8.8


cordova-plugin-advanced-http 2.3.0


cordova-plugin-file 6.0.2

Labels (1)
Reply
0 Kudos
7 Replies
floriankr
Contributor
Contributor

Reply
0 Kudos
EvanHurst
VMware Employee
VMware Employee

Hi Florian,

Have you already raised a formal support ticket for this issue? As far as I can tell in your post, this is a supported use case so we'd like to dig in to see what's going wrong.

Thanks,
SDK Product Team
Reply
0 Kudos
floriankr
Contributor
Contributor

Hi,

yes our customer tried to open a ticket, but your company rejected this. We're trying to find a solution in parallel.
Reply
0 Kudos
MadhavanBhattat
Contributor
Contributor

Hi Florian,

Will it be possible to share any app logs (logcat)  for the issue?

Thanks
Reply
0 Kudos
floriankr
Contributor
Contributor

Hi,


if you're asking for specific logs, please tell me. Logcat is about 22.000 lines.
Below are anonymized airwatch logs.


https://pastebin.com/H424iuXD


The app affects only logs for SystemWebChromeClient and chromium. This logs are inconspicuous and containing only my custom console log.

Reply
0 Kudos
MadhavanBhattat
Contributor
Contributor

Hi,

As per the shared logs, the app did not get the certificate.
Reply
0 Kudos
floriankr
Contributor
Contributor

Hi,


thank you for your response. I assume that the problem is in the airwatch console?


The settings in the SDK profile are working with other apps. One is our ionic 3 app.
I don't have access to the airwatch console, only an overview about the settings.
In the menu item ' Authentication'  ' Integreated Authentication'  is selected, the certificate and allowed sites are set.
In the ' Credentials'  item Source, CA and Template are set.

Reply
0 Kudos