iOS - Accessing Certificates enrolled by Blackberry UEM
Question
I am developing an iOS app that is enrolled to the company's iOS devices via Blackberry UEM.
The app needs to access a client certificate that is also enrolled via Blackberry UEM.
How can the app access these certificates, given that under iOS an app only has access to its own keychain?
Do I have to use the Blackberry Dynamics SDK?
The Blackberry administrator told me the app is running outside the Dynamics container, and I want to avoid linking against the SDK.
I tried to read the certificates installed via Blackberry UEM with SecItemCopyMatching queries, but cannot access them.
Please tell me if accessing them is possible,
with or without the Blackberry Dynamics SDK.
Answer 1
Score: 1
Based on the info in your post, it appears that your iOS devices have an MDM (mobile device management) profile and you are leveraging that to deploy a non-Dynamics native iOS application to your devices. BlackBerry Dynamics is a fully self-contained MAM (mobile application management) platform which does not require MDM, so it works the same with or without MDM, thus its heavy usage in BYOD deployments. The use of MDM with Dynamics is at the discretion of an organization, with many applying MDM only to their corporate-owned devices.
With default settings, when pushing client certificates via UEM for use by Dynamics apps, including Work (enterprise email) and Access (enterprise browser), these are stored in the Dynamics certificate store, which is secured via software by the Dynamics runtime. It is possible within UEM options to have the certificates stored in the iOS keystore, but this is usually for special use cases. Even for those customers who do want to leverage the iOS keystore for the certificate storage, I am not sure a non-Dynamics application would even be able to leverage those certs based on the iOS-enforced access rules.
So yes, the recommendation would be to use the BlackBerry Dynamics SDK. As your administrator has advised, you are running outside of the Dynamics container and thus currently have no access to any Dynamics capabilities.
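
The kind of SecItemCopyMatching identity query the question describes, written out as an added example (not code from the question, the answer, or BlackBerry). It lists only the identities that the calling app's own keychain access groups expose, so an empty result on a managed device shows the access rule the answer refers to rather than a malformed query. The function name `visibleIdentitySubjects` is hypothetical.

```swift
import Foundation
import Security

/// Returns a subject summary for every identity (certificate plus private key)
/// that this app is allowed to read from the keychain.
/// Hypothetical helper name; the Security framework calls are Apple's API.
func visibleIdentitySubjects() throws -> [String] {
    // Ask for all identities, returned as SecIdentity references.
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecMatchLimit as String: kSecMatchLimitAll,
        kSecReturnRef as String: true
    ]

    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)

    switch status {
    case errSecSuccess:
        break
    case errSecItemNotFound:
        // Nothing in this app's access groups: the query itself was valid.
        return []
    default:
        // Any other OSStatus is a real failure; surface it to the caller.
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status), userInfo: nil)
    }

    let items = (result as? [AnyObject]) ?? []
    var subjects: [String] = []
    for item in items {
        let identity = item as! SecIdentity
        var certificate: SecCertificate?
        // Pull the certificate half of the identity to read its subject.
        guard SecIdentityCopyCertificate(identity, &certificate) == errSecSuccess,
              let cert = certificate else { continue }
        let summary = SecCertificateCopySubjectSummary(cert) as String?
        subjects.append(summary ?? "<no subject summary>")
    }
    return subjects
}
```

Comparing this list with the certificates shown in the device's installed profiles tells you whether the UEM-delivered identity is visible to the app at all.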