09-11-2013 07:08 PM - edited 09-11-2013 07:10 PM
We are planning to upgrade our BB software to version 10.1.0.16 / Blackberry 10.
We rely on the email address returned from the http_handler property "application.handler.http.header" to authenticate users.
The 'HTTP_RIM_DEVICE_EMAIL' header was available after specifying 'application.handler.http.header=email' within the following file: '\Research In Motion\BlackBerry Enterprise Server\BBIM\Servers\<server_name>\config\rimpublic
We did the initial testing and this seems to be not working or not supported anymore.
Any information on how to specify http headers, or provide the device's email within the http header, or ideas to resolve this issue with simplicity would be very much appreciated.
I've scoured the internet to no avail.
09-17-2013 07:34 AM
Due to architectural changes in the way data is routed in BlackBerry 10 the Email and PIN can no longer be added to the headers. If this is a requirement of your system then it would need to be added manually into your HTTP requests.
09-17-2013 04:16 PM
How praytell do we do this, and who's brilliant idea was it to make this change?
This puts our 140 licenses in the toilet, iPhones for all from now on. Seriously.
09-27-2013 10:58 AM
You would need to retrieve the user's email address then explicitly add it to the HTTP header for any requests made by your app. This would not work for apps you do not control (ex the browser, other third-party apps) but you could get it done for any of your own apps.
09-29-2013 07:43 PM
Thanks for your response Garrett.
Let me fill you in a bit more on the requirement. We are trying to allow the intranet page to identify the user so they can be delivered custom content.
We used to do that with the aforementioned HTTP header property.
How do we now identify them? When you say retreive the email address, how do we do this with an intranet site in BB10 browser? Any identifying info would help us: email address, pin, AD username.
09-30-2013 07:46 AM
For web pages this would not be supported presently. If you created an app for the intranet page you could retrieve the email address using the PIM IDs and inject the email into the HTTP header, however that will add quite a bit of programming logic to the app
10-01-2013 10:33 PM
Instead of creating an app, we can get the user details in a intranet page by using either of the following server variables:
However, this prompts the user to log in.
We've got the kerberos authentication set up on the BES server with the kerb5.conf file correctly, so once you log in you get a kerberos ticket and are not prompted again until this expires.
We also have set up SCEP to pull down a certificate for use with Activesync when we enrol the device.
Can we use the certificate to do the kerberos authentication in the work browser? This would mean the user is not prompted for credentials each time they visit the page.