Released: December 24, 2021
MAG SDK now supports browser-based authentication even after being redirected to open a third-party app for external authentication.
MAG SDK supports ASWebAuthenticationSession to authenticate a user through a web service. We support Browser Based Authentication using the following system browsers in iOS: ASWebAuthenticationSession SFSafariViewController
You can now disable SSL pinning using SDK APIs. Set MAS setSSLPinningEnabled to NO to disable SSL pinning globally for entire SDK. By default, this value is set to YES. If you want to disable SSL pinning per host, set [[MASSecurityConfiguration alloc] initWithURL:{HOST URL}].allowSSLPinning. By default, this value is set to YES.
API Gateway v10.0 CR3 supports TLS 1.3 and so MAG SDK now supports TLS 1.3 protocol and RSA-PSS on Android 10 and later versions. For devices running on Android 9 and previous versions, TLS 1.3 is not supported and you need to enable both the versions, TLS 1.2 and TLS 1.3, on API Gateway.
| CA Mobile API Gateway | CA API Management OAuth Toolkit | CA API Gateway | Mobile SDK for CA Mobile API Gateway |
|---|---|---|---|
| 4.2.1 | 4.4.1 | 10.1, 10.0, 9.4 | 2.2, 2.1, 2.0 |
| 4.2 | 4.4, 4.3.1 | 10.1, 10.0, 9.4 | 2.1, 2.0 |
| 4.2 | 4.2 | 10.0, 9.4 | 2.1, 2.0 |
Note: All minor versions (CRs) are supported as part of the major release.
Note: Some Mobile SDK features depend on a specific version of CA Mobile API Gateway. Check MAG Feature Release Comparison, or contact Developer Support.
| Platform | Supported |
|---|---|
| iOS | |
| Android |
Note: Cordova and Xamarin support for CA Mobile API Gateway SDK is being deprecated. Version 2.1 of the SDK is the last version for Xamarin and Cordova support. For more information, see this announcement.
Note: Our Mobile SDK is tested only on devices using official platform versions. The SDK may behave in unexpected ways if users have devices with unsupported versions.
| Issue or Limitation | Description | Workaround |
|---|---|---|
| F88484 : iOS13 Apple Login support | On iOS 13, Apple is introducing sign in with Apple, this feature is not supported on the current version of Mobile API Gateway | Will be considered in the future release |
iOS
Android
Released: March 12, 2020
Enhanced ability of the Layer7 Mobile SDK for Android to work seamlessly in the Doze Mode (battery saving state).Mobile SDK now allows the background tasks to continue and upload mission critical data even in the Doze mode. Use cases which are benefitted by this capability is patient hearbeat data regular uploaded to backend systems.
Layer7 Mobile SDK for iOS now allows the developers to cancel any one or all the requests which are in progress. This feature helps in aligning the capabilty with the Layer7 Mobile SDK for Android. To know more about the feature please see Cancel API
Layer7 Mobile SDK 2.1.00 now provides support for AndroidX. This replaces the dependency over the deprecated Android support libraries. Consumers of the Mobile SDK, must upgrade their applications to AndroidX.
Starting April'20 Apple won't allow any apps using UIWebView, hence Layer7 Mobile SDK for iOS migrated all the reference and usages of UIWebView with WKWebView without affecting the functionality of any of the dependent features. In Layer7 Mobile SDK, UIWebView was refernenced as part of the Enterprise Browser functionality, hence it is mandatory for all the applications integrated with Enterprise Browser functionality to use Layer7 Mobile SDK 2.1.00.
Starting Layer7 Mobile SDK 2.1.00, below frameworks are not supported by Broadcom.
- Identity Management
- User to User Messaging
- Cloud Storage
Note: iOS MASConnecta Framework would be removed since it only catered to User-2-User Messaging. Pub/Sub capability is served using MASFoundation Framework
| CA Mobile API Gateway | CA API Management OAuth Toolkit | CA API Gateway | Mobile SDK for CA Mobile API Gateway |
|---|---|---|---|
| 4.2 | 4.4, 4.3, 4.2 | 10.0, 9.4, 9.3 | 2.1, 2.0, 1.9, 1.8, 1.7 |
| 4.1 | 4.3, 4.2 | 9.3 | 2.0, 1.9, 1.8, 1.7, 1.6 |
| 4.0 | 4.1*, 4.0 |
9.2 | 2.0 1.9, 1.8, 1.7, 1.6, 1.5, 1.4 |
| 3.3 | 3.6 | 9.2, 9.1** |
2.0, 1.9. 1.8, 1.7, 1.6, 1.3 |
| 3.2 | 3.5 | 9.1 | 2.0, 1.9, 1.8, 1.7, 1.6, 1.2 |
* Requires software compatibility patch. See OTK 4.1 Release Notes.
** Cassandra 3.x is not support in CA API Gateway version 9.1.x.
Note: All minor versions (CRs) are supported as part of the major release.
Note: Some Mobile SDK features depend on a specific version of CA Mobile API Gateway. Check MAG Feature Release Comparison, or contact Developer Support.
| Platform | Supported |
|---|---|
| iOS | |
| Android | |
| Cordova | |
| Xamarin |
Note: Our Mobile SDK is tested only on devices using official platform versions. The SDK may behave in unexpected ways if users have devices with unsupported versions.
| Issue or Limitation | Description | Workaround |
|---|---|---|
| F88484 : iOS13 Apple Login support | On iOS 13, Apple is introducing sign in with Apple, this feature is not supported on the current version of Mobile API Gateway | Will be considered in the future release |
iOS
Android
Cordova
Xamarin
Released: October 3, 2019
Add iOS13 support for Cordova and Xamarin. Please see the release notes of 1.9.20 for details of the changes made to support iOS13.
- iOS native
- Xamarin
- Cordova iOS
In order to make your app compatible with the latest iOS version, you will be required to upgrade to iOS13 compatible SDK versions. in summary, they are Layer7 Mobile SDK 2.0.00 for Cordova and Xamarin, and SDK 2.0.00 or SDK 1.9.20 for iOS.
For details, see:
Layer7 Mobile SDK 2.0.00 is compatible with Android 10 updates. The upgrade would not have any functional impact to the applications using the Layer7 Mobile SDK.
Note: Starting SDK 2.0.00, SSL pinning has become more stricter in that the SDK validates the entire chain of Certificates starting from Leaf and up to the root. SDK expects the chain of certificates to be present in the msso_config.json file.
For details see : Prepare for SSL Pinning Updates
With Layer7 Mobile SDK 2.0.00 release we have enhanced the user experience (along with the security) by introducing the capability to enable certificate pinning at the Intermediate level. This would enable developers and administrators to have the freedom to renew/rotate the Leaf certificates without forcing the application to be updated. So even if the Leaf Certificate expires, SSL pinning would work as long as Intermediate certificate is valid. Layer7 Mobile SDK (iOS) enhanced the existing MASSecurityConfiguration Object to have the capability to set the Pinning Mode. Developers can choose to set the Pinning Mode as per their Security requirement. Default behaviour remains unchanged from previous releases. For details see: Enable SSL Intermediate Certificate Pinning
Layer7 Mobile SDK 2.0.00 now provides a public API which can be used to upload one or many files to a backed service routed via Layer7 API Gateway. The SDK API is secured via OAuth protocol and allows only Verified Devices (registered to MAG) to perform the upload action. The API provides a real-time File Upload Progress Feedback to the application, which the application can use to show the Progress to the user. For details see :
- Secure File Upload - iOS
- Secure File Upload - Android
- Secure File Upload - Cordova
- Secure File Upload - Xamarin-iOS
- Secure File Upload - Xamarin-Android
Layer7 Mobile SDK 2.0.00 has enhanced capability which allows developers to set Timeout values at Global and at individual CRUD operation level. This capability will enable long running tasks to not timeout due to network latency or other operation specific delays. For details see:
As Apple recently started enforcing to have privacy consent in application's info.plist for all the apps that have API reference in their code regardless whether the application is actually calling the API or not, our customer started experiencing app rejection through App Store because of our BLE code in MASFoundation. So we decided to Decouple the Proximity Framework (which hosts QRCode, BLE based login) out of the MAS Foundation Framework, such that our customers can opt-in only when they want to do Proximity Login. Now Developers have to include MASProximity Framework separately while developing their application.
CA Mobile API Gateway and Samsung SDS Nexsign Integration is not part of this release.
| CA Mobile API Gateway | CA API Management OAuth Toolkit | CA API Gateway | Mobile SDK for CA Mobile API Gateway |
|---|---|---|---|
| 4.2 | 4.3, 4.2 | 9.4, 9.3 | 2.0, 1.9, 1.8, 1.7, 1.6 |
| 4.1 | 4.3, 4.2 | 9.3 | 2.0, 1.9, 1.8, 1.7, 1.6 |
| 4.0 | 4.1*, 4.0 |
9.2 | 2.0 1.9, 1.8, 1.7, 1.6, 1.5, 1.4 |
| 3.3 | 3.6 | 9.2, 9.1** |
2.0, 1.9. 1.8, 1.7, 1.6, 1.3 |
| 3.2 | 3.5 | 9.1 | 2.0, 1.9, 1.8, 1.7, 1.6, 1.2 |
* Requires software compatibility patch. See OTK 4.1 Release Notes.
** Cassandra 3.x is not support in CA API Gateway version 9.1.x.
Note: All minor versions (CRs) are supported as part of the major release.
Note: Some Mobile SDK features depend on a specific version of CA Mobile API Gateway. Check MAG Feature Release Comparison, or contact Developer Support.
| Platform | Supported |
|---|---|
| iOS | |
| Android | |
| Cordova | |
| Xamarin |
Note: Our Mobile SDK is tested only on devices using official platform versions. The SDK may behave in unexpected ways if users have devices with unsupported versions.
| Issue or Limitation | Description | Workaround |
|---|---|---|
| F88484 : iOS13 Apple Login support | On iOS 13, Apple is introducing sign in with Apple, this feature is not supported on the current version of Mobile API Gateway | Will be considered in the future release |
iOS
- MASFoundation: ChangeLog
- MASConnecta: ChangeLog
- MASIdentityManagement: ChangeLog
- MASStorage: ChangeLog
- MASUI: ChangeLog
- MASProximity: ChangeLog
Android
Cordova
- Cordova-MAS-Foundation: ChangeLog
- Cordova-MAS-Connecta: ChangeLog
- Cordova-MAS-IdentityManagement: ChangeLog
- Cordova-MAS-Storage: ChangeLog
Xamarin
Released: September 18, 2019
We understand that Apple is expecting to announce the official release of iOS 13 in September, 2019. During the past few months, our team has been working with Apple’s beta releases, assessing the impact to our CA Mobile SDK for iOS, as well as the impact to dependent hybrid platforms: Xamarin® and Cordova™. Unfortunately, we have identified that the new version of iOS will cause core functionality from our SDK to stop working as expected. This means that users who update their device to iOS 13 will encounter problems with mobile apps built using CA Mobile SDK 1.9.10 and older
We made substantive changes to our Mobile SDK for iOS 13, and we sent out advanced customer notification, so you could prepare for these changes.
- iOS native
Note: iOS 13 for Cordova and Xamarin are not supported in this release.
Whether you have an existing Mobile SDK app, or this is your first app, review this section to ensure success with iOS 13 devices. Although the changes to iOS 13 were substantial, the changes you need to make are minimal.
Q. What change did you make to the Mobile SDK for iOS 13?
A. The key change is that CA Mobile SDK 1.9.20 introduces new error handling that handles the Null object for the ASN.1 Bit String Tag. On iOS 13, the ASN.1 decoder has an empty sub content for ASN.1 Bit String Tag. This causes a Null Pointer exception and crashes the Mobile app.
Q. What version of SDK and function are impacted by the error with iOS 13?
A. The crash happens during device registration when handling the certificate parsing. This problem doesn’t impact SDK 1.7 and older because a different library was used for certificate parsing. However, we are not running full qualification test on older versions of SDK with later versions of iOS, thus we are not officially adding any new iOS versions to SDK 1.7 platform support chart.
In order to make your app compatible with the latest iOS version, you will be required to upgrade to CA Mobile SDK 1.9.20
For details, see:
| CA Mobile API Gateway | CA API Management OAuth Toolkit | CA API Gateway | Mobile SDK for CA Mobile API Gateway |
|---|---|---|---|
| 4.2 | 4.3, 4.2 | 9.4, 9.3 | 1.9, 1.8, 1.7, 1.6 |
| 4.1 | 4.3, 4.2 | 9.3 | 1.9, 1.8, 1.7, 1.6 |
| 4.0 | 4.1*, 4.0 |
9.2 | 1.9, 1.8, 1.7, 1.6, 1.5, 1.4 |
| 3.3 | 3.6 | 9.2, 9.1** |
1.9. 1.8, 1.7, 1.6, 1.3 |
| 3.2 | 3.5 | 9.1 | 1.9, 1.8, 1.7, 1.6, 1.2 |
* Requires software compatibility patch. See OTK 4.1 Release Notes.
** Cassandra 3.x is not support in CA API Gateway version 9.1.x.
Note: All minor versions (CRs) are supported as part of the major release.
Note: Some Mobile SDK features depend on a specific version of CA Mobile API Gateway. Check MAG Feature Release Comparison, or contact Developer Support.
| Platform | Supported |
|---|---|
| iOS | 9.0 through 13.0 |
Note: Our Mobile SDK is tested only on devices using official platform versions. The SDK may behave in unexpected ways if users have devices with unsupported versions.
| Issue or Limitation | Description | Workaround |
|---|---|---|
| F88484 : iOS13 Apple Login support | On iOS 13, Apple is introducing sign in with Apple, this feature is not supported on the current version of Mobile API Gateway | Will be considered in the future release |
| Xamarin iOS13 support | Current version of SDK doesn’t support iOS13 on Xamarin | Will be considered in the future release |
iOS
- MASFoundation: ChangeLog
- MASConnecta: ChangeLog
- MASIdentityManagement: ChangeLog
- MASStorage: ChangeLog
- MASUI: ChangeLog
Released: December 13, 2018
The iOS and Xamarin-iOS SDKs now support iOS version 12.
We've improved device registration with the ability to create custom device attributes (nicknames) for devices. This feature makes it easier for end users to identify and track different devices in your UIs. Also, stored attributes can be used for troubleshooting queries ("search all devices in App A tagged with Android") and data analysis. Examples of useful custom device attributes are: alias, model, version, keys for encryption signing, and fingerprint authentication.
Developers manage custom device attributes in the Mobile SDK using add/delete/get methods.
Admins must configure the feature (fror example, max number of attributes) and APIs for creating custom device attributes. See Create Custom Device Attributes.
Introducing updated documentation for Social Login. The new blueprint format helps Developers and Admins understand the key tasks and handoffs to ensure successful implementation. Would you like to see more blueprints? Send us your feedback.
To support how Apple handles device IDs during app uninstall/reinstall, we redesigned the device registration in the iOS SDKs. As a result, you'll find these significant improvements:
- Extends the existing SSO intra-group app sharing (bundle identifier) to allow cross-group app sharing by adding a new keychain group identifier
- Allows SSO between iOS apps and widgets
- Further minimizes "Device is already registered" errors
See "Single Sign-On (SSO)":
The Mobile SDK now supports the RS256 algorithm for validating signatures of id tokens. In previous releases, only HS256 was supported.
MAG now supports JWT access token. For more information, see Token Configuration.
The Mobile SDK for Android is now compatible with ProGuard, the open source tool that makes Android and Java apps smaller and faster.
| CA Mobile API Gateway | CA API Management OAuth Toolkit | CA API Gateway | Mobile SDK for CA Mobile API Gateway |
|---|---|---|---|
| 4.2 | 4.3, 4.2 | 9.4, 9.3 | 1.9, 1.8, 1.7, 1.6 |
| 4.1 | 4.3, 4.2 | 9.3 | 1.9, 1.8, 1.7, 1.6 |
| 4.0 | 4.1*, 4.0 |
9.2 | 1.9, 1.8, 1.7, 1.6, 1.5, 1.4 |
| 3.3 | 3.6 | 9.2, 9.1** |
1.9. 1.8, 1.7, 1.6, 1.3 |
| 3.2 | 3.5 | 9.1 | 1.9, 1.8, 1.7, 1.6, 1.2 |
* Requires software compatibility patch. See OTK 4.1 Release Notes.
** Cassandra 3.x is not support in CA API Gateway version 9.1.x.
Note: All minor versions (CRs) are supported as part of the major release.
Note: Some Mobile SDK features depend on a specific version of CA Mobile API Gateway. Check MAG Feature Release Comparison, or contact Developer Support.
| Platform | Supported |
|---|---|
| iOS | |
| Android | |
| Cordova | |
| Xamarin |
Note: The Mobile SDK for Android is compatible with ProGuard, the open source tool that makes Android and Java apps smaller and faster.
Note: Our Mobile SDK is tested only on devices using official platform versions. The SDK may behave in unexpected ways if users have devices with unsupported versions.
| Issue or Limitation | Description | Workaround |
|---|---|---|
| DE388462: Special characters in email addresses | MAG, OTK, and the Mobile SDK supports special characters in email addresses as noted in the RFC 1779. However, the MAG and OTK do not support the following characters: & | | None. |
| US466920: Errors on specific devices | Unexplained or intermittent SDK errors occur only on specific devices, environments, | 1. Check that users are using a supported version for their platform. The Mobile SDK is tested only on devices using official platform versions. 2. Verify that devices are built using native SDKs. The Mobile SDK only supports devices built using native SDKs. (For example, some Huawei devices add plugins and use different libraries). 3. Verify that users have not jailbroken or unlocked the OS (iOS), or customized the device ROM (Android). If any of these are true, the user must move to supported devices and versions. |
| Request with client certificate on HTTP 403 fails | If the MAG/OTK is configured to generate an HTTP 403 error, and the client certificate is configured for mutual SSL, the Apple Transport Layer determines that the certificate is bad and kills the entire transaction with the following error: FAILED: Error Domain=NSURLErrorDomain Code=-1206 "The server “our.server.here” requires a client certificate. |
Developers can workaround the bug in their app, or Admins can change all HTTP status codes from 403 to another status code. |
| MCT-177: All SDKs Social login limitation | The current social login implementation supports user profiles. The Mobile SDK libraries MASIdentity (Users and Groups) and MASConnecta (Messaging/Pub/Sub) do not support social login. | To integrate social login with an Identity Provider (for example, LDAP), you must create a custom policy. Contact Services for help with customizing policies for IDPs. |
iOS
- MASFoundation: ChangeLog
- MASConnecta: ChangeLog
- MASIdentityManagement: ChangeLog
- MASStorage: ChangeLog
- MASUI: ChangeLog
Android
Cordova
- Cordova-MAS-Foundation: ChangeLog
- Cordova-MAS-Connecta: ChangeLog
- Cordova-MAS-IdentityManagement: ChangeLog
- Cordova-MAS-Storage: ChangeLog
Xamarin
Released: September 5, 2018
Android P was released August 7, 2018 with new security features. We made substantive changes to our Mobile SDK for Android P, and we sent out advanced customer notification, so you could prepare for these changes.
The Mobile SDK supports Android P for:
- Android native
- Xamarin-Android
Note: Android P for Cordova is not supported in this release. But, you can start preparing for Android P for Cordova. Watch for updates when Apache officially releases support for Android P.
Whether you have an existing Mobile SDK app, or this is your first app, review this section to ensure success with Android P devices. Although the changes to Android P were substantial, the changes you need to make are minimal.
Q. What change did you make to the Mobile SDK for Android P?
A. The key change is the new Secure Account Manager Storage (AMS). If you implemented the original AMS (and you implemented your own encryption), the Secure AMS now includes encryption. Secure AMS is the default for storing app data (device and mag identifiers) for Android P. Keys and certificates are still stored in the Android keystore. We made other changes to support Android P, but they are handled under the covers for you.
Q. Is updating to Secure AMS easy? Do I have to update the msso_config.json file after upgrading to 1.8.00?
A. Yes, there are only a few steps to implement Secure AMS. And, no you don't have to update the msso_config.json. (The Android P requirement to re-register the device is handled seamlessly for you.)
Q. If I created an app using the original AMS where I implemented my own encryption, will my app still work with Android P?
A. Yes, your app will work "as is". However, we still recommend that you upgrade and implement Secure AMS to ensure that your app aligns with Android P encryption requirements.
Q. Does Secure AMS support SSO?
A. Yes. Just remember that all SSO apps must use the same storage methods or SSO won't work. That is, SSO apps cannot mix different token storage methods: Android keystore, original AMS, and Secure AMS.
For details, see:
We added encryption to the Android AccountManager Storage (AMS). Although Android KeyStore is still the preferred method for token storage, this improvement adds security for devices where PIN/Lock is not available. Secure AMS avoids account data from being easily extracted with a rooted device. This feature is backward compatible with the existing AMS implementation in the Android Mobile SDK.
For details, see Add Secure Account Manager Storage.
If you've implemented the user session lock/unlock feature in the MASFoundation, you should update your privacy settings as a result of Apple updates to FaceID. Although MASFoundation will not crash if you do not change the setting, user session lock/unlock will automatically fallback to the system Passcode prompt (instead of biometric local authentication). To update, add the usage string NSFaceIDusageDescription to Privacy - Face ID Usage Description in your app's info.plist.
The Mobile SDK now support offline log out. This new method lets you delete or keep user credentials upon error (such as server is not reachable). See Changelogs for your platform for details.
The Mobile SDK for iOS improves performance during the initial device registration process and the geolocation data collection process.
| CA Mobile API Gateway | CA API Management OAuth Toolkit | CA API Gateway | Mobile SDK for CA Mobile API Gateway |
|---|---|---|---|
| 4.1 | 4.3, 4.2 | 9.3 | 1.8, 1.7, 1.6 |
| 4.0 | 4.1*, 4.0 |
9.2 | 1.8, 1.7, 1.6, 1.5, 1.4 |
| 3.3 | 3.6 | 9.2, 9.1** |
1.8, 1.7, 1.6, 1.3 |
| 3.2 | 3.5 | 9.1 | 1.8, 1.7, 1.6, 1.2 |
* Requires software compatibility patch. See OTK 4.1 Release Notes.
** Cassandra 3.x is not support in CA API Gateway version 9.1.x.
Note: All minor versions (CRs) are supported as part of the major release.
Note: Some Mobile SDK features depend on a specific version of CA Mobile API Gateway. Check MAG Feature Release Comparison, or contact Developer Support.
| Platform | Supported |
|---|---|
| iOS | |
| Android | |
| Cordova | |
| Xamarin |
Note: Our Mobile SDK is tested only on devices using official platform versions. The SDK may behave in unexpected ways if users have devices with unsupported versions.
| Issue or Limitation | Description | Workaround |
|---|---|---|
| (US466920: All SDKs) Errors on specific devices | If you have unexplained or intermittent SDK errors that occur only on specific devices, environments or settings, it may be because users are using an supported version of the platform, or they have tampered or customized the device. The Mobile SDK is tested only on devices using official platform versions. When devices are tampered with or customized, the SDK can behave in unexpected ways. | Check that users are using a supported version for their platform. Next, verify that users have not jailbroken or unlocked the OS (iOS), or customized the device ROM (Android). If either case is true, users should upgrade to a supported version of their platform. |
| Request with client certificate on HTTP 403 fails | If the MAG/OTK is configured to generate an HTTP 403 error, and the client certificate is configured for mutual SSL, the Apple Transport Layer determines that the certificate is bad and kills the entire transaction with the following error: FAILED: Error Domain=NSURLErrorDomain Code=-1206 "The server “our.server.here” requires a client certificate. |
Developers can workaround the bug in their app, or Admins can change all HTTP status codes from 403 to another status code. |
| (MCT-177: All SDKs) Social login limitation | The current social login implementation supports user profiles. The Mobile SDK libraries MASIdentity (Users and Groups) and MASConnecta (Messaging/Pub/Sub) do not support social login. | To integrate social login with an Identity Provider (for example, LDAP), you must create a custom policy. Contact Services for help with customizing policies for IDPs. |
| (DE355995) JWT access token generation and validation | Although OTK supports issuing and validating UUID and JWT access tokens, the JWT access token is not currently supported by the CA Mobile API Gateway. | None. |
iOS
- MASFoundation: ChangeLog
- MASConnecta: ChangeLog
- MASIdentityManagement: ChangeLog
- MASStorage: ChangeLog
- MASUI: ChangeLog
Android
Cordova
- Cordova-MAS-Foundation: ChangeLog
- Cordova-MAS-Connecta: ChangeLog
- Cordova-MAS-IdentityManagement: ChangeLog
- Cordova-MAS-Storage: ChangeLog
Xamarin
Released: July 16, 2018
We've added two new user authentication methods in the Cordova Mobile SDK that let you control authentication callbacks at the application level. Use these methods when your app needs to invoke a protected endpoint without the user being logged in, or when login tokens expire.
MAS.setAuthCallbackHandler(authHandler)
Sets the authentication handler and overrides the default Cordova plugin behavior.MAS.removeAuthCallbackHandler()
Removes the authentication handler and resets callback handling to default login page.
For details, see Explicit User Authentication Handling
The MASRequest class now supports JSONArray object for all platforms.
iOS
- MASFoundation: ChangeLog
- MASConnecta: ChangeLog
- MASIdentityManagement: ChangeLog
- MASStorage: ChangeLog
- MASUI: ChangeLog
Android
Cordova
- Cordova-MAS-Foundation: ChangeLog
- Cordova-MAS-Connecta: ChangeLog
- Cordova-MAS-IdentityManagement: ChangeLog
- Cordova-MAS-Storage: ChangeLog
Xamarin
Released: June 21, 2018
The Mobile SDK for Xamarin allows you to secure your cross-platform mobile apps with CA Mobile API Gateway. In this version, we support Xamarin MASFoundation with these features:
- Authentication and Authorization, limited to:
- Password and client credentials flows, with device registration
- Fingerprint session lock
- Single Sign-on
- Securely access to APIs:
- Request methods (GET, POST, PUT, DELETE) and Request Builder
- Geolocation
- SSL pinning
- Access APIS hosted in external servers
- All SDK initialization options and advanced configuration
The easiest way to get the Xamarin Mobile SDK is through Visual Studio, which embeds the NuGet dependency manager. Or, you can get MASFoundation.Xamarin on the NuGet site.
Either way, here's how to Get Started: Xamarin Mobile SDK.
The new Cordova app CLI utility lets you create a MAS-enabled Cordova app with just three commands:
- mas forge creates a Cordova project at the specified path
- mas configure lets you add the msso_config.json file to the project
- mas prepare prepares the app with these libraries: MAS-Template, MASFoundation, MASIdentity Management, MASConnecta, and MASStorage
As of 1.6.00, all sample apps have moved to their respective repositories:
| CA Mobile API Gateway | CA API Management OAuth Toolkit | CA API Gateway | Mobile SDK for CA Mobile API Gateway |
|---|---|---|---|
| 4.1 | 4.3, 4.2 | 9.3 | 1.7, 1.6 |
| 4.0 | 4.1*, 4.0 |
9.2 | 1.7, 1.6, 1.5, 1.4 |
| 3.3 | 3.6 | 9.2, 9.1** |
1.7, 1.6, 1.3 |
| 3.2 | 3.5 | 9.1 | 1.7, 1.6, 1.2 |
* Requires software compatibility patch. See OTK 4.1 Release Notes.
** Cassandra 3.x is not support in CA API Gateway version 9.1.x.
Note: All minor versions (CRs) are supported as part of the major release.
Note: Some Mobile SDK features depend on a specific version of CA Mobile API Gateway. Check MAG Feature Release Comparison, or contact Developer Support.
| Platform | Supported |
|---|---|
| iOS | |
| Android | |
| Cordova | |
| Xamarin |
Note: Our Mobile SDK is tested only on devices using official platform versions. The SDK may behave in unexpected ways if users have devices with unsupported versions.
| Issue or Limitation | Description | Workaround |
|---|---|---|
| (US466920: All SDKs) Errors on specific devices | If you have unexplained or intermittent SDK errors that occur only on specific devices, environments or settings, it may be because users are using an unsupported version of the platform, or they have tampered or customized the device. The Mobile SDK is tested only on devices using official platform versions. When devices are tampered with or customized, the SDK can behave in unexpected ways. | Check that users are using a supported version for their platform. Next, verify that users have not jailbroken or unlocked the OS (iOS), or customized the device ROM (Android). If either case is true, users should upgrade to a supported version of their platform. |
| Request with client certificate on HTTP 403 fails | If the MAG/OTK is configured to generate an HTTP 403 error, and the client certificate is configured for mutual SSL, the Apple Transport Layer determines that the certificate is bad and kills the entire transaction with the following error: FAILED: Error Domain=NSURLErrorDomain Code=-1206 "The server “our.server.here” requires a client certificate. |
Developers can workaround the bug in their app, or Admins can change all HTTP status codes from 403 to another status code. |
| (MCT-177: All SDKs) Social login limitation | The current social login implementation supports user profiles. The Mobile SDK libraries MASIdentity (Users and Groups) and MASConnecta (Messaging/Pub/Sub) do not support social login. | To integrate social login with an Identity Provider (for example, LDAP), you must create a custom policy. Contact Services for help with customizing policies for IDPs. |
| (DE355995) JWT access token generation and validation | Although OTK supports issuing and validating UUID and JWT access tokens, the JWT access token is not currently supported by the CA Mobile API Gateway. | None. |
iOS
- MASFoundation: ChangeLog
- MASConnecta: ChangeLog
- MASIdentityManagement: ChangeLog
- MASStorage: ChangeLog
- MASUI: ChangeLog
Android
Cordova
- Cordova-MAS-Foundation: ChangeLog
- Cordova-MAS-Connecta: ChangeLog
- Cordova-MAS-IdentityManagement: ChangeLog
- Cordova-MAS-Storage: ChangeLog
Xamarin
Released: March 6, 2018
Released: December 28, 2017
In previous versions, the SDK displayed "device already registered" errors when you installed/uninstalled apps during testing with multiple users. The errors are legitimate for production environments because the MAG server secures devices with this simple logic: only the previously-registered user or client can perform the re-registration. But this made app testing painful.
In this release, the Mobile SDK generates a new device identifier after uninstall/reinstall, which reduces the likelihood that you'll get this error again. If you do get the error, we've provided the steps to remove the device from the MAG Manager.
Use the new iOS MASRequestBuilder method to build a custom request to access an API. Build a request programmatically using MAS.invoke and add your own parameters.
Expanding our current support for iOS Fingerprint Session lock, the Mobile SDK integrates seamlessly with facial recognition technology introduced by Apple for iPhone X.
-
Use the Mobile SDK to invoke APIs on non-CA gateways
It’s a reality. You don't always have the CA API Gateway fronting all your APIs. You have other API management products already in place with APIs that are exposed directly on those products. You can now use the Mobile SDK to invoke APIs on these non-CA gateways. Extends vendor support in your APIM infrastructure. -
JSON Web Token (JWT) to validate data recipients
By validating data recipients using JWT, you can add another layer of security beyond mutual SSL and OAuth.
Requires: Advanced developer experience (because feature is implemented only in the SDK). -
Dynamic Client Configuration Using Enrollment URL
The Cordova Mobile SDK now supports managing the msso_config.json file outside of the app bundle. This feature provides another layer of security, and avoids having to reinstall the app to receive updates or when using a different MAG server. To understand the benefits, see Dynamic Device Enrollment. For the new SDK initialization method, see Start with Enrollment URL.
As of 1.6.00, all sample apps have moved to GitHub:
The following versions are supported in Mobile SDK 1.6.00 (plus minor releases):
| CA Mobile API Gateway | OAuth Toolkit |
|---|---|
| 4.1 | 4.2 |
| 4.0 | 4.1 |
| 3.3 | 3.6 |
| 3.2 | 3.5 |
Note: Some Mobile SDK features depend on a specific version of CA Mobile API Gateway. Check MAG Feature Release Comparison, or contact Developer Support.
| Platform | Supported |
|---|---|
| iOS | |
| Android | |
| Cordova | |
| Xamarin |
Note: Our Mobile SDK is tested only on devices using official platform versions. The SDK may behave in unexpected ways if users have devices with unsupported versions.
| Issue | Description | Workaround |
|---|---|---|
| Client certificate error (iOS) | If you configured MAG to generate an HTTP 403 error, and the client certificate is configured for mutual SSL, the Apple Transport Layer determines that the certificate is bad and kills the entire transaction with the following error: FAILED: Error Domain=NSURLErrorDomain Code=-1206 "The server “our.server.here” requires a client certificate. |
Change all HTTP status codes from 403 to another status code. |
| Proximity login with BLE (Android) | (DE258130) The message, "BLE advertisement has been found with Rssi: XXX," is displayed when BLE signal is received. Proximity login with BLE may not work on apps using the default JSON configuration. Depending on the device, you may need to increase the default range of the signal strength so devices can communicate using BLE. | (Admin) In the msso_config.json file, find the msso_ble_rssi value, and increase the range from -35 (default) to -80 or higher. You may need to play with these values. |
| Social Login (all SDKs) | (MCT-177) The Mobile SDK authenticates only against a supported IDP using the User Management library. A social login implementation requires other identity providers. | (Admin) Customize MAG policies for other IDPs. |
iOS
- MASFoundation: ChangeLog
- MASConnecta: ChangeLog
- MASIdentityManagement: ChangeLog
- MASStorage: ChangeLog
- MASUI: ChangeLog
Android
Cordova
- Cordova-MAS-Foundation: ChangLlog
- Cordova-MAS-Connecta: ChangeLog
- Cordova-MAS-IdentityManagement: ChangeLog
- Cordova-MAS-Storage: ChangeLog
- Developer website and documentation
- CA Mobile API Gateway documentation
- CA Mobile API Gateway communities
- CA Support Online
Copyright (c) 2019 Broadcom. All Rights Reserved. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
This software may be modified and distributed under the terms of the MIT license. See the LICENSE file for details.