Abstract: Disclosed are various approaches for providing single sign-on capabilities for a user on a client device. A user's credentials can be authenticated by an identity provider application. The identity provider application can facilitate single sign-on capabilities for browser-based applications and native applications on the client device.

Abstract: Disclosed are various approaches for implementing certificate pinning in a tunnel client on a client device. A tunnel client receives a connection request from an application executed by the client device to connect to a remote server. The tunnel client determines that the remote server corresponds to a known pinned host and then determines whether the remote server presents a certificate matching a pinned certificate for the known pinned host. If the presented certificate matches the pinned certificate, the tunnel client allows a connection to be established between the application and the remote server through a network tunnel between the tunnel client and a tunnel server.

Abstract: Disclosed are various approaches for a secure communication session between applications installed on a client device. The secure communication session can be provided over an insecure operating system application programming interface (API). By exchanging session information and encryption data, communications over the insecure API can be secured.

Abstract: Disclosed are various approaches for providing single sign-on capabilities for a user on a client device. A user's credentials can be authenticated by an identity provider application. The identity provider application can facilitate single sign-on capabilities for browser-based applications and native applications on the client device.

Abstract: Disclosed are various approaches for providing single sign-on capabilities for a user on a client device. A user's credentials can be authenticated by an identity provider application. The identity provider application can facilitate single sign-on capabilities for browser-based applications and native applications on the client device.

Abstract: Disclosed are various approaches for validating public keys pinned to services or servers on private networks. A client device can request a first certificate from a trust service. The client device can then validate that the first certificate from the trust service is signed by a preinstalled certificate stored on the client device. Subsequently, the client device can receive a uniform resource locator identifying a network location of an secure sockets layer (SSL) pinning service, wherein the SSL pinning service is configured to provide a hash value for a first public key issued to a computing device. Finally, the client device can receive a second public key from the trust service, wherein the second public key is configured to encrypt network traffic sent to the SSL pinning service.