CBA for SSO Extension

Can the SSO Extension with Credential type handle Cert based Auth instead of Username/Password?

In my testing it seems only UN/PW is available right now.
Answered by Security Engineer in 617378022
That option is only for the Kerberos Extension and is available on iOS, iPadOS, and macOS.
No, it can't handle cert based auth. This is because the certificate is used to set up the SSL tunnel before the HTTP 401 challenge is received. Credential extensions only handle 401 challenges and are not used to set up the connection to the server.
I've done some more research on this today and found an interesting configuration option called "certificateUUID".

certificateUUID:string = The PayloadUUID of a PKINIT certificate.

https://developer.apple.com/documentation/devicemanagement/extensiblesinglesignonkerberos/extensiondata#properties

Is this only available on macOS as a configuration option, or is it read by iOS too? The PKI certs are pushed to our iOS devices and if it is possible to link that payloadUUID to the SSOExtension, would that authenticate on iOS?
Accepted Answer
That option is only for the Kerberos Extension and is available on iOS, iPadOS, and macOS.
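
Added example (not part of the thread and not Apple's code): a Python check that the `certificateUUID` in a Kerberos extension payload points at the `PayloadUUID` of an identity certificate payload. It assumes both payloads ship in the same configuration profile; the realm, host and UUIDs in the sample are constructed.

```python
import plistlib

# Payload types that can deliver an identity certificate in a configuration profile.
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep",
                  "com.apple.security.acme"}
KERBEROS_EXTENSION = "com.apple.AppSSOKerberos.KerberosExtension"


def check_certificate_uuid(profile_bytes):
    """Return a list of problems with certificateUUID references in a profile."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    identity_uuids = {p.get("PayloadUUID") for p in payloads
                      if p.get("PayloadType") in IDENTITY_TYPES}
    problems = []
    for p in payloads:
        if (p.get("PayloadType") != "com.apple.extensiblesso"
                or p.get("ExtensionIdentifier") != KERBEROS_EXTENSION):
            continue  # not a Kerberos SSO extension payload
        ref = p.get("ExtensionData", {}).get("certificateUUID")
        if ref is None:
            problems.append("Kerberos extension payload sets no certificateUUID")
        elif ref not in identity_uuids:
            problems.append(f"certificateUUID {ref} matches no identity payload")
    return problems


def build_sample(identity_uuid, referenced_uuid):
    """Constructed sample profile (assumption: identity and extension together)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.pkcs12",
             "PayloadUUID": identity_uuid},
            {"PayloadType": "com.apple.extensiblesso",
             "PayloadUUID": "00000000-0000-0000-0000-0000000000E5",
             "ExtensionIdentifier": KERBEROS_EXTENSION,
             "Type": "Credential",
             "Realm": "EXAMPLE.COM",
             "Hosts": ["example.com"],
             "ExtensionData": {"certificateUUID": referenced_uuid}},
        ],
    })


if __name__ == "__main__":
    good = "00000000-0000-0000-0000-0000000000C1"  # constructed UUID
    print(check_certificate_uuid(build_sample(good, good)))
    print(check_certificate_uuid(build_sample(good, "00000000-0000-0000-0000-0000000000FF")))
```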