Use integrated authentication to pass single sign on (SSO) credentials or certificates to use to authenticate to web sites like content repositories and wikis. Set the function in the Workspace ONE UEM console and add a list of allowed sites. Then use the challenge handler in your application to handle incoming authentication challenges.

See Configure Integrated Authentication for the Default SDK Profile for information on setting integrated authentication in the Workspace ONE UEM console.

Challenge Handler Methods for Challenges

Find the challenge handler in the AWController class of the SDK. Inside the AWController, use the listed methods to handle an incoming authentication challenge for connections made with NSURLConnection and NSURLSession.

Method Description

func canHandle(_ protectionSpace: URLProtectionSpace, withError error: Error?) -> Bool

Checks that the AirWatch SDK can handle this type of authentication challenge. The SDK makes several checks to determine that it can handle challenges.

  1. Is the Web site challenging for authentication on the list of allowed sites in the SDK profile?
  2. Is the challenge one of the supported types?
    • Basic
    • NTLM
    • Client certificate
  3. Does the SDK have a set of credentials to respond?
    • Certificate
    • User name and password

If all three of the criteria are met, then this method returns YES.

The SDK does not handle server trust, so your application must handle NSURLAuthenticationMethodServerTrust.

func handleChallenge(forURLSessionChallenge challenge: URLAuthenticationChallenge, completionHandler: @escaping (_ disposition: URLSession.AuthChallengeDisposition, _ credential: URLCredential) -> Void) -> Bool

Responds to the actual authentication challenge from a network call made using NSURLSession.

This method is the same as the handleChallenge method, except the system uses this method with calls made with NSURLSession. This call involves using a completion block to handle authentication challenges.