If you are using Federated IDs and are using Adobe iOS mobile apps, check to see if your Single Sign On (SSO) server supports Apple’s App Transport Security (ATS) requirements. Update your servers to support ATS requirements before January 1, 2017 to sign in to Adobe iOS applications.
In iOS 9, Apple introduced a new security feature called App Transport Security (ATS). To be ATS compliant:
- Server must support at least Transport Layer Security (TLS) 1.2
- Connection ciphers must provide forward secrecy
- Certificates must be signed with either an RSA key with a length of at least 2048 bits or an ECC key with a size of at least 256 bits
This feature is described in the iOS 9 release notes in the section titled “App Transport Security”. At WWDC 2016 in June, Apple announced the enforcement of App Transport Security (ATS) for all mobile applications submitted to the App Store by the end of 2016. When an Adobe iOS app attempts to communicate with servers that do not meet the security requirements for login via Single Sign On (SSO), an error will be returned and communication will fail.
Verify that your Single Sign-On setup for Federated IDs is compliant with the requirements for ATS.
If your server is not compliant, update your servers to support the App Transport Security requirements before to continue your access to Adobe iOS applications using Federated IDs. If you're using a third-party Identity Provider service, contact your service provider with this information.
SSL Labs (which has become the industry standard for measuring the security of TLS configurations) has a check for ATS compliance. To verify compliance, do the following:
If you are using Mac OS X 10.11 "El Capitan" or later, you can also use the nscurl command.
In the Mac Terminal, type:
nscurl --ats-diagnostics <url>
If the URL is ATS compatible, you will see:
Please contact your Identity Provider (IdP) to update security settings on your SSO server to support TLS v1.2 and Forward Secrecy for continued use of Adobe iOS apps.
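On a machine without nscurl, the three ATS requirements listed above can be checked against the output of `openssl s_client`. The shell function below is an added example, not Adobe's or Apple's tooling; the name `ats_check`, the placeholder host, the sample input and the name-based heuristics for forward secrecy and key type are assumptions made for illustration.

```shell
# ats_check reads `openssl s_client` output on stdin and reports the three
# requirements listed above. Returns 0 only if all of them pass.
# Typical use (idp.example.com is a placeholder host):
#   openssl s_client -connect idp.example.com:443 </dev/null 2>/dev/null | ats_check
ats_check() {
    out=$(cat)
    proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    bits=$(printf '%s\n' "$out" |
        sed -n 's/^Server public key is \([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$out" | sed -n 's/^Peer signature type: *//p' | head -n 1)
    rc=0

    # 1. TLS 1.2 or later.
    case "$proto" in
        TLSv1.2|TLSv1.3) echo "PASS protocol: $proto" ;;
        *) echo "FAIL protocol: ${proto:-unknown}"; rc=1 ;;
    esac

    # 2. Forward secrecy. Assumption: judged by name, i.e. ephemeral (EC)DHE
    #    key exchange in TLS 1.2 suite names; TLS 1.3 suites are accepted.
    case "$proto:$cipher" in
        TLSv1.3:?*|*:ECDHE-*|*:DHE-*) echo "PASS forward secrecy: $cipher" ;;
        *) echo "FAIL forward secrecy: ${cipher:-unknown}"; rc=1 ;;
    esac

    # 3. Server key size. Assumption: an ECDSA marker in the suite name or
    #    signature type means an ECC key (minimum 256 bits), otherwise RSA
    #    (minimum 2048 bits).
    case "$cipher$sig" in *ECDSA*) min=256 ;; *) min=2048 ;; esac
    if [ -n "$bits" ] && [ "$bits" -ge "$min" ]; then
        echo "PASS key size: $bits bits (minimum $min)"
    else
        echo "FAIL key size: ${bits:-unknown} bits (minimum $min)"; rc=1
    fi
    return "$rc"
}

# Constructed sample of the relevant s_client lines (not a real capture).
SAMPLE_OK='Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256'

printf '%s\n' "$SAMPLE_OK" | ats_check
```

The function only evaluates the single handshake that `s_client` negotiated, so a passing result does not show that every cipher the server offers provides forward secrecy.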