SSL pinning on MobileFirst 6.3 project
Is it possible to implement SSL pinning on MobileFirst 6.3 project ?
Built-in Certificate Pinning is available in MobileFirst 7.1; consider upgrading.
Otherwise you may be able to find 3rd part Cordova plug-ins that provide Certificate Pinning functionality.
Related
Keeping things simple: I need to add client certificate to a mobile app developed in Titanium but I have no clue about how to start.
I have found no info on the next, except:
A reference on Titanium Dev Site to a 'securityManager' class, which should finally implement a platform-based method.
An HTTPS module for Titanium but seems to cover only server key pinning, not client certificate.
On the other hand I was trying to find any additional component which speeds up integration of a TLS layer, including the client cert. feature. So far I have found this but it seems that the HTTP feature is not well documented.
Basically the question is, is there any way to implement client certificates on Titanium Appcelerator? (versions SDK 5.5.0; Studio 4.7.1).
Any suggestion will be greatly appreciated.
Unfortunately the pinning was not enough in our case, we have a client asking specifically for Certificate Authentication.
I ended up rewriting a whole new http client starting from this module
https://github.com/ioxdue/two-way-authentication/tree/master/HTTPSSLTiModule
The delegate "didReceiveAuthenticationChallenge" only works with NSURLConnection, Titanium used to use that library up to the 3.4.0 SDK but then switched to a different library.
I'm doing some research on cross-platform mobile development with NativeScript and I've been unable to find any information on certificate pinning in NativeScript. I know Telerik provides the secure-http module to achieve true certificate pinning for hybrid mobile apps, maybe I looked over it in their roadmap.
Cheers.
Yes you can do it via one module is called nativescript-https
Install the plugin:
tns plugin add nativescript-https
You required to setup certificate as well, Please check this nativescript-https for more details
I want to implement OAuth in Worklight 6.2. I searched the internet and couldn't find any document related to this. Please help me with the document required to implement in Worklight 6.2.
There is no built-in OAuth support in Worklight 6.2.
The steps to integrate such support are detailed in the following article, written for Worklight 6.1, but suitable for 6.2 as well
Connect IBM Worklight hybrid mobile apps to LinkedIn services using OAuth
This article demonstrates doing so for LinkedIn, so you will need to adjust it accordingly for your use case.
How do I configure the worklight app to enable authenticity testing?
I am unable to find exact step by step guide at IBM Worklight 6.1 Information Center.
This topic has a training module. You can find it in the Authentication and Security section of IBM Worklight Getting Started, under "Application Authenticity Protection".
You may also want to look at this question: IBM Worklight - How to enable App Authenticity in Worklight Console?
P.S.,
It's also in the Information Center:
IBM Worklight application authenticity overview
Controlling authenticity testing for an app
How can we implement client side SSL in J2ME?
Any available resource or source code??
I want to validate the particular service is accessed by a particular phone.
The bouncycastle Java libraries have a J2ME version (now called JME) that includes an SSL/TLS api.