Because pure JavaScript cannot handle certificates directly, certificate-based SSO authentication must call a native counterpart on the device, such as the Hybrid Web Container, through its existing Certificate.js.
In this sample script, a Datajs custom HTTP client is used to encapsulate the client certificate component of certificate-based SSO. You can provision a signed certificate from a local file, a server, or from Afaria, depending on the device platform, using the existing Certificate API. You can choose to set the results of the API call as the password.
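/**
 * Sybase Hybrid App version 2.2
 *
 * Datajs.Certificate.js
 * This file will not be regenerated, and it is expected that the user may want to
 * include customized code herein.
 *
 * The template used to create this file was compiled on Mon Aug 23 16:43:02 CST 2012
 *
 * Copyright (c) 2012 Sybase Inc. All rights reserved.
 */

// Capture datajs' current http client object so certClient can delegate to it.
var oldClient = OData.defaultHttpClient;

// Page-level globals kept from the original template. The request handler below
// works on its own locals and never assigns these, so they remain empty strings.
var cert_username = "";
var cert_password = "";

/**
 * datajs HTTP client that substitutes certificate credentials on https requests.
 *
 * When an https request carries a password, that password is used as the
 * passphrase for the first .p12 file listed under /sdcard/. The certificate's
 * subject CN and its signed certificate data are then sent as the user name and
 * password of the forwarded request. Every other request is handed to the
 * previously installed client unchanged.
 *
 * NOTE(review): /sdcard/ is shared storage, so other apps on the device may be
 * able to read or replace the .p12 file, and "first file listed" is not
 * necessarily the intended certificate. Where the platform allows it, consider
 * provisioning from a server or from Afaria through the Certificate API instead.
 */
var certClient = {
    /**
     * @param {Object} request - datajs request; reads requestUri and password.
     * @param {Function} success - passed through to the wrapped client.
     * @param {Function} error - passed through to the wrapped client; also called
     *     here when no certificate file is available.
     * @returns {*} whatever the wrapped client returns, or a no-op abort handle
     *     when the request is rejected locally.
     */
    request: function (request, success, error) {
        var usesHttps = request.requestUri.substr(0, 8) === "https://";
        if (!usesHttps || request.password == null) {
            // NOTE(review): a non-https request that carries a password is
            // forwarded as is, so the value the user typed as the certificate
            // passphrase would travel as a plain HTTP credential. The prefix
            // test is also case-sensitive. Confirm callers only use https URIs.
            return oldClient.request(request, success, error);
        }

        // Get the signed certificate data for the first p12 file found on the sdcard.
        var certStore = CertificateStore.getDefault();
        var certPaths = certStore.listAvailableCertificatesFromFileSystem("/sdcard/", "p12");
        if (!certPaths || certPaths[0] == null) {
            // Fail closed: with no certificate available, do not fall back to
            // sending the typed passphrase as the HTTP password.
            if (typeof error === "function") {
                error({ message: "No p12 certificate found under /sdcard/", request: request });
            }
            // presumably callers expect a handle with abort(), as datajs clients
            // return one - verify against the datajs version in use
            return { abort: function () {} };
        }

        // NOTE(review): what the native store does on a wrong passphrase (throw
        // or empty result) is not visible here - confirm before relying on cert.
        var cert = certStore.getSignedCertificateFromFile(certPaths[0], request.password);

        // Redo the OData request for the protected resource. Every field of the
        // incoming request is copied so the body and other options survive;
        // only the credentials are replaced.
        var newRequest = {};
        var field;
        for (field in request) {
            newRequest[field] = request[field];
        }
        newRequest.user = cert.subjectCN;
        newRequest.password = cert.signedCertificate;

        // Call back into the original http client.
        return oldClient.request(newRequest, success, error);
    }
};

// Can either pass certClient explicitly, or set it globally for the page as the default:
OData.defaultHttpClient = certClient;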
When sending a forwarded client certificate through an intermediary, set the signed certificate as the value of the “SSL_CLIENT_CERT” header in the XHR’s HTTP request, as shown in this example:
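/**
 * Sybase Hybrid App version 2.2
 *
 * Datajs.Certificate.js
 * This file will not be regenerated, and it is expected that the user may want to
 * include customized code herein.
 *
 * The template used to create this file was compiled on Mon Aug 23 16:43:02 CST 2012
 *
 * Copyright (c) 2012 Sybase Inc. All rights reserved.
 */

// Capture datajs' current http client object so certClient can delegate to it.
var oldClient = OData.defaultHttpClient;

/**
 * datajs HTTP client that forwards a signed client certificate in the
 * SSL_CLIENT_CERT request header.
 *
 * For an https request that carries both a user and a password, the password is
 * used as the passphrase for the first .p12 file listed under /sdcard/, and the
 * resulting signed certificate is added to a copy of the request headers. The
 * user and password themselves are forwarded unchanged. Every other request is
 * handed to the previously installed client untouched.
 *
 * NOTE(review): /sdcard/ is shared storage, so other apps on the device may be
 * able to read or replace the .p12 file, and "first file listed" is not
 * necessarily the intended certificate.
 * NOTE(review): the header is set by the client, so the receiving side has to
 * validate the certificate data itself; the header's presence alone proves
 * nothing about the caller.
 */
var certClient = {
    /**
     * @param {Object} request - datajs request; reads requestUri, user,
     *     password and headers.
     * @param {Function} success - passed through to the wrapped client.
     * @param {Function} error - passed through to the wrapped client; also called
     *     here when no certificate file is available.
     * @returns {*} whatever the wrapped client returns, or a no-op abort handle
     *     when the request is rejected locally.
     */
    request: function (request, success, error) {
        var usesHttps = request.requestUri.substr(0, 8) === "https://";
        var hasCredentials = request.user != null && request.password != null;
        if (!usesHttps || !hasCredentials) {
            // NOTE(review): non-https requests are forwarded with their
            // credentials as is, and the prefix test is case-sensitive.
            return oldClient.request(request, success, error);
        }

        // Get the signed certificate data for the first p12 file found on the sdcard.
        var certStore = CertificateStore.getDefault();
        var certPaths = certStore.listAvailableCertificatesFromFileSystem("/sdcard/", "p12");
        if (!certPaths || certPaths[0] == null) {
            // Fail closed: the protected resource expects the certificate
            // header, so do not send the request without it.
            if (typeof error === "function") {
                error({ message: "No p12 certificate found under /sdcard/", request: request });
            }
            // presumably callers expect a handle with abort(), as datajs clients
            // return one - verify against the datajs version in use
            return { abort: function () {} };
        }

        // NOTE(review): what the native store does on a wrong passphrase (throw
        // or empty result) is not visible here - confirm before relying on cert.
        var cert = certStore.getSignedCertificateFromFile(certPaths[0], request.password);

        // Append existing headers. A plain object is used as the header map, and
        // the loop variable is declared locally: an undeclared `name` would
        // write to the page's global `name` on every request.
        var newHeaders = {};
        var headerName;
        if (request.headers) {
            for (headerName in request.headers) {
                newHeaders[headerName] = request.headers[headerName];
            }
        }

        // Forward the signed certificate, as the surrounding text describes.
        newHeaders["SSL_CLIENT_CERT"] = cert.signedCertificate;

        // Redo the OData request for the protected resource. Every field of the
        // incoming request is copied so the body and other options survive;
        // only the header set is replaced.
        var newRequest = {};
        var field;
        for (field in request) {
            newRequest[field] = request[field];
        }
        newRequest.headers = newHeaders;

        // Call back into the original http client.
        return oldClient.request(newRequest, success, error);
    }
};

// Can either pass certClient explicitly, or set it globally for the page as the default:
OData.defaultHttpClient = certClient;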