Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jamf/certificatesdk
Get Certificates From Jamf Pro Into Your iOS Apps
https://github.com/jamf/certificatesdk
certificates jamfpro sdk-ios
Last synced: 19 days ago
JSON representation
Get Certificates From Jamf Pro Into Your iOS Apps
- Host: GitHub
- URL: https://github.com/jamf/certificatesdk
- Owner: jamf
- License: mit
- Created: 2019-04-08T14:11:43.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2024-06-14T19:27:43.000Z (6 months ago)
- Last Synced: 2024-06-15T17:39:45.057Z (6 months ago)
- Topics: certificates, jamfpro, sdk-ios
- Language: Objective-C
- Homepage:
- Size: 2.39 MB
- Stars: 13
- Watchers: 12
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
## Jamf Certificate SDK
When the Jamf Certificate SDK is integrated with your iOS or visionOS app, it provides a secure process
that allows the app to request a certificate from a certificate authority (CA) via Jamf Pro. Certificates
can be used to establish identities that support certificate-based authentication to perform Single Sign-On
(SSO) or other actions specific to your environment.See [Distributing an In-House App Developed with the Jamf Certificate SDK](https://learn.jamf.com/en-US/bundle/technical-paper-integrating-ad-cs-current/page/Distributing_an_In-House_App_Developed_with_the_Jamf_Certificate_SDK.html) for more details.
--------
### Installation
Jamf Certificate SDK is available through the [Swift Package Manager](https://swift.org/package-manager/).
To install via the Swift Package Manager add the following line to your `Package.swift` file's `dependencies`:
```swift
.package(url: "https://github.com/jamf/CertificateSDK.git", from: "2.0.0")
```--------
#### Framework Architectures
The included XCFramework ships with support for the iOS and visionOS simulators on Apple Silicon and Intel-based Mac computers, and iOS and visionOS devices using the arm64 architecture. This allows app developers to use the
framework on actual iOS and visionOS devices and in the simulators while developing and testing their apps.--------
### Managed App Configuration Required Settings
To ensure proper use of the SDK, the app is required to be distributed by Jamf Pro. During distribution,
a managed app configuration can be specified that will let the SDK communicate with Jamf Pro and request
the proper certificate. Here is a sample managed app configuration that can be used as a basis for your own app.*Note that you can add your own key/value pairs to the managed app configuration to configure other parts of your app.* Jamf's keys are all prefixed
with `com.jamf.config.` so they will not clash with your own naming conventions for keys.
com.jamf.config.jamfpro.invitation
$MOBILEDEVICEAPPINVITE
com.jamf.config.device.udid
$MANAGEMENTID
com.jamf.config.jamfpro.url
https://the_jamf_pro_server_url_goes_here/
com.jamf.config.certificate-request.pkiId
1
com.jamf.config.certificate-request.template
User2
com.jamf.config.certificate-request.subject
cn=something
com.jamf.config.certificate-request.sanType
rfc822Name
com.jamf.config.certificate-request.sanValue
[email protected]
com.jamf.config.certificate-request.signature
$JAMF_SIGNATURE_com.jamf.config.certificate-request
###### MAC key discussion
`com.jamf.config.device.udid`: The device identifier of the device the app is installed on. Starting with
Jamf Pro 11.5.1, the value must be `$MANAGEMENTID` to support both company-owned and BYOD devices. In Jamf
Pro 11.5.0 and earlier, the value must instead be `$UDID` and only company-owned devices are supported.`com.jamf.config.jamfpro.url`: The value should be filled in with your Jamf Pro Server's URL.
The keys prefixed with `com.jamf.config.certificate-request` are used during certificate generation. They
will be specific to your organization. You should confer with those responsible for Jamf Pro and your
Certificate Authority to ensure the proper settings are configured for your app.* `pkiId`: (an integer but typed as string in the MAC) Jamf Pro ID of the PKI Integration/Certificate Authority to be used; find this in the Jamf Pro
web UI at Settings > PKI Certificates > Your ADCS CA settings and then look in the URL bar for the number after "id=". You should have a URL something like "adcsSettings.html?id=3" and enter the number `3` in the MAC
* `template`: (string) Certificate template name as defined in your CA
* `subject`: (string) Subject to include in the certificate signing request
* `sanType`: (string) One of 'rfc822Name', 'dNSName', or 'uniformResourceIdentifier'
* `sanValue`: (string) Subject Alternative Name to include in the certificate signing requestWith the `subject` and `sanValue` fields, variable substitution is available as discussed under [Payload Variables for Configuration Profiles](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Mobile_Device_Configuration_Profiles.html#ariaid-title3).
--
Additional reference documentation is available in
[Integrating the Jamf Certificate SDK with Mobile Device Apps Deployed by Jamf Pro](https://learn.jamf.com/bundle/jamf-certificate-sdk/page/Overview.html).