- 20 Jan 2025
App Shielding configuration
- Updated on 20 Jan 2025
To enable updatable configurations, add a configUpdate element to your App Shielding configuration file (e.g., config.xml). This element must specify the URL where the new configuration can be downloaded.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<shield>
  <config>
    ...
    <configUpdate>
      <URL v="https://config-update.example.com/new_config.dat" />
    </configUpdate>
  </config>
</shield>
```
An optional requestTimeout element can be added under configUpdate to specify the URL request timeout in seconds. If not set, the timeout defaults to 60 seconds.
The URL string supports the following substitution variables:
URL substitution variables

Placeholder | Substitution |
---|---|
%MANUFACTURER% | The device manufacturer. |
%MODEL% | The device model name. |
%ANDROID% | The Android API level of the device (example: 28). |
%iOS% | The iOS version. |
%VERSION% | The Shield version (example: 2.8.5). |
%PKGID% | The application package or bundle ID (example: com.example.myapp). |
%PKGVERSION% | The application package version string. |
%CREATED% | The configuration time stamp/version. |
The %PKGID%, %PKGVERSION%, %CREATED%, and %VERSION% variables are substituted at the time of configuration encoding, while App Shielding substitutes all other variables during runtime.
Using these variables allows you to target configuration updates for specific devices, OS versions, or apps. For example:
```xml
<configUpdate>
  <URL v="https://config-update.example.com/%PKGID%/%VERSION%/new_config.dat" />
</configUpdate>
```
You can also use the variables in a query string to, for instance, gather data on the types of devices that are being used for the given app. For example:
```xml
<configUpdate>
  <URL v="https://configupdate.example.com/new_config.dat?dev=%MANUFACTURER%&amp;mod=%MODEL%&amp;pkg=%PKGID%" />
</configUpdate>
```
In an XML file, the ampersand character (&) must be escaped as &amp;.
Server configuration
For App Shielding to be able to connect to an HTTPS server, the corresponding httpsServer element must be added under the httpsOptions element of your App Shielding configuration. For example:
```xml
<httpsOptions>
  <httpsServer>
    <URL v="https://config-update.example.com" />
    <serverCertificateVerificationPolicy v="pinServerCertificate" />
    <allowedServerCertificate>
      cErtInBaSE64=
    </allowedServerCertificate>
  </httpsServer>
</httpsOptions>
```
The following options inside the httpsServer element are supported:
Server configuration options

Option | Requirements |
---|---|
URL | Required. |
serverCertificateVerificationPolicy | Required and must be either pinServerCertificate or verifyUsingRootCACertificate. |
allowedServerCertificate | Required if using pinServerCertificate. |
allowedRootCACertificate | Required if using verifyUsingRootCACertificate. |
clientCertificatePKCS12 | Optional. |
clientCertificatePKCS12Password | Optional. |
For more details on each of these options, refer to the Configuration options section in the OneSpan App Shielding Reference Documentation.
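The requirements in the two tables above can be checked before a configuration is encoded. The Python linter below is an added example, not OneSpan tooling or code from this documentation. It assumes that a configUpdate URL corresponds to an httpsServer entry when scheme and host match; the function names and the sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
# Placeholder names and httpsServer rules come from the two tables on this page.
PLACEHOLDERS = {"MANUFACTURER", "MODEL", "ANDROID", "iOS", "VERSION",
                "PKGID", "PKGVERSION", "CREATED"}
CERT_FOR_POLICY = {"pinServerCertificate": "allowedServerCertificate",
                   "verifyUsingRootCACertificate": "allowedRootCACertificate"}

def origin(url):  # (scheme, host); matching on this pair is an assumption
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.hostname or "").lower()

def attr_v(parent, tag):  # v attribute of the first <tag> under parent, or ""
    return next((e.get("v", "") for e in parent.iter(tag)), "")

def lint(xml_text):
    """Return a list of findings for one configuration document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # for example a raw & in a query string
        return [f"not well-formed XML: {exc}"]
    findings, servers = [], set()
    for srv in root.iter("httpsServer"):
        name = attr_v(srv, "URL")
        policy = attr_v(srv, "serverCertificateVerificationPolicy")
        if not name:
            findings.append("httpsServer: URL is required")
        servers.add(origin(name))
        if policy not in CERT_FOR_POLICY:
            findings.append(f"{name}: missing or invalid policy {policy!r}")
        elif not (srv.findtext(CERT_FOR_POLICY[policy]) or "").strip():
            findings.append(f"{name}: {policy} requires {CERT_FOR_POLICY[policy]}")
    for upd in root.iter("configUpdate"):
        target = attr_v(upd, "URL")
        if not target or origin(target) not in servers:
            findings.append(f"configUpdate {target!r}: no httpsServer for this origin")
        for ph in re.findall(r"%([A-Za-z]{3,})%", target):
            if ph not in PLACEHOLDERS:
                findings.append(f"configUpdate: unknown placeholder %{ph}%")
    return findings

# Constructed sample: the pinned certificate is missing and %DEVICE% is not listed.
SAMPLE = """<shield><config>
<configUpdate><URL v="https://config-update.example.com/%PKGID%/c.dat?d=%DEVICE%" /></configUpdate>
<httpsOptions><httpsServer><URL v="https://config-update.example.com" />
<serverCertificateVerificationPolicy v="pinServerCertificate" />
</httpsServer></httpsOptions></config></shield>"""
print("\n".join(lint(SAMPLE)))
```

Running it in a build step catches an unescaped ampersand, a pinning policy with no certificate, or an update URL with no matching httpsServer entry before the configuration ships.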
Configuration Identifier
An optional configIdentifier element can be added to the configuration file. If this option is set in the App Shielding configuration, only updatable configurations with the same value are considered valid. If it is not set, the value defaults to the package ID of the app; that is, any configuration update for the app must have been created with the same input app.