Integrated Authentication

A typical enterprise application may be accessing a endpoints which would require authentication from the end user. Prompting the end user to authenticate every single time may not be the best user experience. AirWatch SDK addresses this problem by providing helper classes to perform Integrated Authentication. Integrated Auth allows you to capture the enrollment credentials/ AD User Certificates/ Kerberos Authentication and be presented to the authentication endpoints. AirWatch also allows the configuration where you can allow only certain domains so that the authentication credentials are not exposed unintentionally.

In the previous section, we had to enter the enrollment credentials in order to authenticate to the Log In prompt. In this section, we will see how can we can authenticate automatically using Integrated Authentication.

1. Xcode implementation for Integrated Auth

In this section, we will complete the code implementation to perform integrated auth with our Room Finder app.

1.1. Import header and add a variable in RFURLSession.swift

Import header and add a variable in RFURLSession.swift
  1. From the left side panel, expand "RoomFinder".
  2. Select the file "RFURLSession.swift".
  3. Import the umbrella header "AWSDK".
  4. Create and initialize a new variable as per the screenshot.

Note: We are going to perform all the code implementations in the same file RFURLSession.swift for this section.

Code snipper as shown in the screenshot:

import AWSDK

private var sdkCouldNotHandleChallenge: Bool = false

1.2. Implement URLSession Function

In the same file, RFURLSession.swift, implement the URLSession method, as per the screenshot.

  1. canHandleProtectionSpace checks that the AirWatch SDK has the means to handle this type of authentication challenge. e.g. Basic, NTLM, Client Certificate.
  2. handleChallengeForURLSessionChallenge Responds to the actual authentication challenge from a network call made using NSURLSession.

Code snippet as shown in the screenshot:

public func URLSession(session: NSURLSession, didReceiveChallenge challenge: NSURLAuthenticationChallenge, completionHandler: (NSURLSessionAuthChallengeDisposition, NSURLCredential?) -> Void) {

       if(challenge.previousFailureCount == 0) {

           do {

               try AWController.clientInstance().canHandleProtectionSpace(challenge.protectionSpace)

               if(AWController.clientInstance().handleChallengeForURLSessionChallenge(challenge, completionHandler: completionHandler)) {

                   print("challenge handled successfully")

                   print (" previous failure count" + String(challenge.previousFailureCount))

                   try AWController.clientInstance().canHandleProtectionSpace(challenge.protectionSpace)


               else {

                   self.handleURLSessionChallenge(session, didReceiveChallenge: challenge, completionHandler: completionHandler)



           catch {

               self.handleURLSessionChallenge(session, didReceiveChallenge: challenge, completionHandler: completionHandler)



       else {

           sdkCouldNotHandleChallenge = true

           self.handleURLSessionChallenge(session, didReceiveChallenge: challenge, completionHandler: completionHandler)



1.3. countToConsider for code completion

  1. In the same file RFURLSession.swift,in the method handleURLSessionChallenge implement the code as per the screenshot for completion.

Code snipper as shown in the screenshot:

var countToConsider = 0

if(sdkCouldNotHandleChallenge) {

countToConsider = 1


1.4. Source Tree checkout for Integrated Authentication

Source Tree checkout for Integrated Authentication

The code implementation so far can be checked out from Source Tree using the commit "Integrated Authentication".

2. Validate Integrated Authentication on the enrolled device

In this section, we will validate the code implementation in the previous step. The Room Finder app is already assigned a SDK profile pre-configured in the AirWatch Console. This profile is configured to perform integrated authentication by presenting the enrollment credentials when there is an authentication prompt from the internal Exchange URL.

2.1. Run the application via Xcode

  1. Ensure that you are getting Build as "Succeeded" after building your Xcode project.
  2. Select the physical device connected to your Mac.
  3. Click on "Build and then Run" icon to install the application on your enrolled iPad.

2.2. Validate Integrated Authentication

Validate Integrated Authentication
  1. Notice that URL is auto-populated as before.
  2. Click on "Login".
  3. Notice that you do not have to enter authentication credentials to find the rooms. We extracted the enrollment credentials and passed them to the Exchange URL as part of our Integrated Authentication flow.


Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.