Customer is trying to run iOS official sample using its msso_config.json and always get SSL pinning error:
Running on Android it works successfully.
Environment:
Log error:
2022-02-17 16:26:44.523411-0300 MASAuthentication[10456:308591] Response headers : (null)
2022-02-17 16:26:44.525512-0300 MASAuthentication[10456:308591] Response headers : (null)
2022-02-17 16:26:44.537188-0300 MASAuthentication[10456:308591] -[MASMainViewController invokeAPI:]_block_invoke_2 [Line 363] endpoint result: {
}
How can we make it work ?
Release : 4.2
Component : MOBILE API
Apple blocks communication below TLS 1.3
1. In iOS the msso_config.json is expected to have the complete chain of certificates in the server/server_certs section.
iOS does a strict evaluation of server_trust during ssl handshake to check if all the certs in the msso_config.json match.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/mobile[…]os-2-2-guide/SSL-Pinning-and-SSL-Trusted-Certificates.html
2. Problem Resolved after Adding NSAllowsArbitraryLoads in the app info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
option was used because "Apple blocks communication below tls 1.3"
Note: MASFoundation doesn't differentiate these errors as non ssl pinning error yet and treats these errors as part of SSL pinning. Because these errors are very generic from Apple.
https://developer.apple.com/documentation/bundleresources/information_property_list/nsapptransportsecurity/nsallowsarbitraryloads