I would recommend watching WWDC 2013 Session 301 "Extending Your Apps for Enterprise and Education Use"

我建议观看WWDC 2013 Session 301“Extending Your Apps for Enterprise and Education Use”

Also, for an overview of an implementation of this functionality this sitehelps.

此外，对于此功能的实现的概述，此站点有帮助。

Lastly, here is Apple's documentation (available to developers). Look for the heading: Single Sign-On Account Payload.

最后，这里是Apple 的文档（可供开发人员使用）。查找标题：单点登录帐户有效负载。

Configuring SSO on a device will require Apple Configurator to install the profile or an MDM solution for OTA delivery of the SSO profile.

在设备上配置 SSO 将需要 Apple Configurator 安装配置文件或 MDM 解决方案以 OTA 交付 SSO 配置文件。

To make SSO (Kerberos) working on iOS7 you need 3 things:

要使 SSO (Kerberos) 在 iOS7 上工作，您需要三件事：

1. On the server side: Kerberos environment + HTTP SPNego/Kerberos authentication configured. SSO in iOS works only for HTTP(S).

2. Configuration profile containing:

   • [Obligatory] Your Kerberos realm.
   • [Obligatory] Your Kerberos principal (usually username), this can be left empty - in that case user will be asked to specify it during the profile installation.
   • [Obligatory] List of URL prefixes of the pages allowed to use SSO. Wildcards cannot be used here, if the prefix doesn't end with slash character, it will be automatically appended to it.
   • [Optional] List of bundle IDs allowed to use SSO, if empty all applications are allowed. Wildcards in bundle IDs can be used.

3. Application that supports it, Safari and WebKit (UIWebView class) do. As described in WWDC 2013 Session Videos number 301, you have to use either NSURLConnection or NSURLSession class. This is a simplified example of the HTTP traffic when authenticating using the SPNego scheme:

1. 在服务器端：Kerberos 环境 + HTTP SPNego/Kerberos 身份验证配置。iOS 中的 SSO 仅适用于 HTTP(S)。

2. 配置文件包含：

   • [强制性] 您的 Kerberos 领域。
   • [强制] 您的 Kerberos 主体（通常是用户名），可以留空 - 在这种情况下，用户将被要求在配置文件安装期间指定它。
   • [必填] 允许使用 SSO 的页面的 URL 前缀列表。此处不能使用通配符，如果前缀不以斜线字符结尾，则会自动附加到它上面。
   • [可选] 允许使用 SSO 的包 ID 列表，如果为空，则允许所有应用程序。可以使用包 ID 中的通配符。

3. 支持它的应用程序，Safari 和 WebKit（UIWebView 类）都可以。如 WWDC 2013 Session Videos number 301 所述，您必须使用 NSURLConnection 或 NSURLSession 类。这是使用 SPNEgo 方案进行身份验证时 HTTP 流量的简化示例：

Client: GET https://login.example.com/adfs/ls/auth/integrated/?data1=aa&data2=...

Server: 401 Unathorized

+header WWW-Authentificate: Negotiate

Client: GET https://login.example.com/adfs/ls/auth/integrated/?data1=aa&data2=...

+header Authorization: Negotiate [SPNegotInitToken]

Server: 200 OK

+header Authorization: Negotiate [SpnegoTargToken]

+header set-cookie [SESSIONID]

客户端：获取https://login.example.com/adfs/ls/auth/integrated/?data1=aa&data2=...

服务器：401 Unathorized

+header WWW-Authentificate：协商

客户端：获取https://login.example.com/adfs/ls/auth/integrated/?data1=aa&data2=...

+header 授权：协商 [SPNegotInitToken]

服务器：200 OK

+header 授权：协商 [SpnegoTargToken]

+header set-cookie [SESSIONID]

The dialog with prompt for the Kerberos password (if the Kerberos ticket has not yet been granted/expired) will appear after receiving "WWW-Authentificate". Obj-C classes will handle automatically all the redirects and authentication process, so the only thing you need is to make a request to the login URL and allow this URL in the profile.

收到“WWW-Authentificate”后，将出现提示输入 Kerberos 密码的对话框（如果 Kerberos 票证尚未被授予/过期）。Obj-C 类将自动处理所有重定向和身份验证过程，因此您唯一需要做的就是向登录 URL 发出请求并在配置文件中允许此 URL。

Enterprise Single Sign On lets user sign in once on their device and let all apps on device use it fo authentication.In case of twitter, links below will be useful for you,

企业单点登录允许用户在他们的设备上登录一次，并让设备上的所有应用程序使用它进行身份验证。如果是推特，下面的链接对您有用，

https://dev.twitter.com/discussions/8231.

https://dev.twitter.com/discussions/8231。

http://eflorenzano.com/blog/2012/04/18/using-twitter-ios5-integration-single-sign-on/

http://eflorenzano.com/blog/2012/04/18/using-twitter-ios5-integration-single-sign-on/