I'm trying to create AGSFeatureLayer from an URL. The resource is under authentication, so I pass a token to AGSServiceFeatureTable object using AGSRequestConfiguration. In our project we have a couple of environments and for one of them it works fine, but for the other one i'm getting an alert:
"<NDA_domain.com> requires a client certificate"
"Would you like to browse for the certificate to connect to this host?"
I was also able to extract the following error using AGSAuthenticationManagerDelegate:
Error Domain=com.esri.arcgis.runtime.services.error Code=401 "Credential Required" UserInfo={NSURL=https://<NDA_domain.com>/FeatureServer/4, NSLocalizedDescription=Credential Required, protectionSpace=<NSURLProtectionSpace: 0x600000980f10>: Host:<NDA_domain.com>, Server:https, Auth-Scheme:NSURLAuthenticationMethodClientCertificate, Realm:(null), Port:443, Proxy:NO, Proxy-Type:(null)}
Other errors in console look like this:
Connection 4: TLS Client Certificates encountered error 1:89
Connection 4: encountered error(1:89)
[boringssl] boringssl_context_handle_fatal_alert(1967) [C4.3.1:2][0x137dd7c90] write alert, level: fatal, description: certificate unknown
[boringssl] boringssl_context_error_print(1957) [C4.3.1:2][0x137dd7c90] Error: 5256693112:error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED:/Library/Caches/com.apple.xbs/Sources/boringssl/ssl/handshake.cc:419:
[boringssl] boringssl_session_handshake_incomplete(86) [C4.3.1:2][0x137dd7c90] SSL library error
Some more details.
When I try to load the url using URLSession, it works well every time. I'm also able to load the resource successfully in a browser (including iOS Safari). And it works well in Postman.
When I try to monitor requests with proxy tools like Proxyman, for some reason the 401 error disappears.
I also tried using AGSAuthenticationManagerDelegate, to fix the issue in
-authenticationManager:didReceiveAuthenticationChallenge:
by creating AGSCredential with the same auth token, but I had partial success: the didReceive challenge method keeps being invoked with the new Code=498 "Invalid token" error and when I try to load the resource a couple more times it actually loads successfully at some point. But it's not the best result with all those errors.
So the main questions are:
Where Auth-Scheme:NSURLAuthenticationMethodClientCertificate is coming from? And how to get rid of this Certificate authentication attempt?