
When I connect to an SSO X509 connection that requires a client certificate, I provide the credential and it succeeds. The next time the didReceiveChallenge delegate method is hit, the auth method is NSURLAuthenticationMethodServerTrust, and I have the following code for this authMethod:

completionHandler(NSURLSessionAuthChallengeUseCredential,[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);

For the next request, I again get authMethod as NSURLAuthenticationMethodClientCertificate.

So basically, for every request, the delegate method is hit twice: once with authMethod as NSURLAuthenticationMethodClientCertificate and a second time with authMethod NSURLAuthenticationMethodServerTrust.

I do not want to repeatedly get authMethod as NSURLAuthenticationMethodClientCertificate for every request.

What is the reason for this, and how can I avoid it? It affects performance to authenticate each time.

user584263

1 Answer


I'm aware of three things you need to do to avoid that problem:

  • Reuse NSURLSession sessions as much as possible. Neither sockets nor the TLS session cache are shared from one session to another, so if you don't reuse sessions, you'll get hit with a full-blown authentication for every request.
  • Make sure your server properly supports reconnecting to an existing session and is configured to allow this.
  • Use Wi-Fi when possible. IIRC, for power management reasons, the OS is much more aggressive at killing connections when on cellular than when on Wi-Fi. You won't necessarily get hit with a full auth cycle just because you created a new connection (the TLS cache usually lets you reconnect to an existing TLS session on the server), but it is more likely.

If none of those things help, open a DTS incident, and Quinn or Rich can help you debug the problem. :-)

dgatwood
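The first point of the answer (reuse one NSURLSession), sketched as an added example that is not part of the original question or answer. `SSOClient`, `clientCertChallenges` and `fetch:` are hypothetical names, and the client `SecIdentityRef` is assumed to be loaded elsewhere (for example from the keychain). Server-trust challenges are left to default handling so the system evaluates the server's certificate chain.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical wrapper: create ONE instance and route every request through it,
// so connections and the TLS session cache are shared between requests.
@interface SSOClient : NSObject <NSURLSessionDelegate>
@property (nonatomic, readonly) NSURLSession *session;
@property (nonatomic, readonly) NSUInteger clientCertChallenges; // diagnostic counter
- (instancetype)initWithIdentity:(SecIdentityRef)identity;
- (void)fetch:(NSURL *)url;
@end

@implementation SSOClient {
    SecIdentityRef _identity;
}

- (instancetype)initWithIdentity:(SecIdentityRef)identity {
    if ((self = [super init])) {
        _identity = (SecIdentityRef)CFRetain(identity);
        NSURLSessionConfiguration *cfg = [NSURLSessionConfiguration defaultSessionConfiguration];
        // Built once. The session retains its delegate until it is invalidated.
        _session = [NSURLSession sessionWithConfiguration:cfg delegate:self delegateQueue:nil];
    }
    return self;
}

- (void)dealloc { if (_identity) CFRelease(_identity); }

- (void)fetch:(NSURL *)url {
    [[self.session dataTaskWithURL:url
                 completionHandler:^(NSData *data, NSURLResponse *resp, NSError *err) {
        NSLog(@"%@ -> %@ (client-cert challenges so far: %lu)", url, err ?: @"ok",
              (unsigned long)self.clientCertChallenges);
    }] resume];
}

- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {
    if ([challenge.protectionSpace.authenticationMethod
            isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        _clientCertChallenges++; // rises on each full client-certificate handshake
        completionHandler(NSURLSessionAuthChallengeUseCredential,
            [NSURLCredential credentialWithIdentity:_identity certificates:nil
                                        persistence:NSURLCredentialPersistenceForSession]);
    } else { // includes NSURLAuthenticationMethodServerTrust: let the system validate
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
    }
}
@end
```

If the counter still increases on every request made through the same `SSOClient`, the session is being reused on the client and the remaining causes are the server-side resumption settings or dropped connections mentioned in the answer.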