Resource Definition to Add Wi-Fi Operations on iOS Devices
A sample resource definition, together with details of the information added in the JSON, is as follows:
Sample definition JSON to add Wi-Fi operations
The sample JSON is as follows:

```json
{
  "operation": {
    "hiddenNetwork": false,
    "autoJoin": true,
    "encryptionType": "Any",
    "hotspot": false,
    "domainName": "wso2.com",
    "serviceProviderRoamingEnabled": false,
    "displayedOperatorName": "sample_operator",
    "proxyType": "Auto",
    "roamingConsortiumOIs": null,
    "password": "$service123",
    "clientConfiguration": {
      "username": "client",
      "acceptEAPTypes": [13, 17, 18],
      "userPassword": "$client1234",
      "oneTimePassword": false,
      "payloadCertificateAnchorUUID": ["00000000-0000-1000-800-001EC20D4CFE"],
      "outerIdentity": "anonymous",
      "TLSTrustedServerNames": "wpa.*.example.com",
      "TLSAllowTrustExceptions": false,
      "TLSCertificateIsRequired": false,
      "TTLSInnerAuthentication": "PAP",
      "EAPFASTUsePAC": false,
      "EAPFASTProvisionPAC": false,
      "EAPFASTProvisionPACAnonymously": false,
      "EAPSIMNumberOfRANDs": 3
    },
    "payloadCertificateUUID": null,
    "proxyServer": "22.231.113.64",
    "proxyPort": 8080,
    "proxyUsername": "proxyUser",
    "proxyPassword": "$proxy1234",
    "proxyPACURL": "http://wso2.com/samplepacurl",
    "proxyPACFallbackAllowed": false,
    "SSID": "WSO2-Guest",
    "NAIRealmNames": ["kim@3com.com", "kim@foo-9.com", "kim_bar@big-co.com"],
    "MCCAndMNCs": ["412/1", "412/20", "289/67"]
  },
  "deviceIDs": [
    "2be702beaaf4ad34fc9e7f8da2b6b808c453fa72b",
    "2ec33430ad456713c633de75b2219376bac45de56"
  ]
}
```
Property definitions
All the properties that correspond to adding Wi-Fi operations are explained as follows:
Property | Description | Required | Default Value | Data Type | Example |
---|---|---|---|---|---|
operation | The attributes required to add the Wi-Fi operation are defined here. | Yes | N/A | operation | - |
deviceIDs | The Device ID. This field is not case sensitive. | Yes | N/A | String | 2be702beaaf4ad34fc9e7f8da2b6b808c453fa72b |
Operation
Property | Description | Required | Default Value | Data Type | Example |
---|---|---|---|---|---|
hiddenNetwork | Besides the SSID, devices use information such as broadcast type and encryption type to differentiate a network. It is assumed that all configured networks are either open or broadcast. To specify a hidden network, the value must be set to true. | Yes | False | Boolean | True |
autoJoin | The network is auto-joined if the value is set to true. If false, the user has to tap the network name to join it. Availability: iOS 5.0 and later. | No | True | Boolean | False |
encryptionType | The possible values are as follows:
Make sure that these values exactly match the capabilities of the network access point. If you are unsure about the encryption type, or would prefer that it apply to all encryption types, use the value Any. Availability: iOS 4.0 and later The | Yes | N/A | String | Any |
hotspot | The network is treated as a hotspot if the value is set to false. Availability: iOS 7.0 and later. | No | False | Boolean | True |
domainName | The Domain Name used for the Wi-Fi Hotspot 2.0 negotiation. This field can be provided instead of the SSID_STR. Availability: iOS 7.0 and later. | No | N/A | String | wso2.com |
serviceProviderRoamingEnabled | Provides permission to connect to roaming service providers if the value is set to true. Availability: iOS 7.0 and later. | No | False | Boolean | True |
displayedOperatorName | Displays the operator names. Availability: iOS 7.0 and later. | Yes | N/A | String | - |
proxyType | The valid values are as follows:
Availability: iOS 5.0 and later. | No | N/A | String | Auto |
roamingConsortiumOIs | This is an array of Roaming Consortium Organization Identifiers used for Wi-Fi Hotspot 2.0 negotiation. Availability: iOS 7.0 and later. | No | N/A | Array of string | - |
password | The password for the service. | No | N/A | String | $service123 |
clientConfiguration | Specifies an enterprise profile for a given network via the "EAPClientConfiguration" key. | Yes | N/A | clientConfiguration | - |
payloadCertificateUUID | The UUID of the certificate payload to use for the identity credential. | Yes | N/A | Array of string | - |
proxyServer | The proxy server's network address. | Yes | N/A | String | 22.231.113.64 |
proxyPort | The proxy server's port. | No | N/A | Integer | 8080 |
proxyUsername | The username used to authenticate to the proxy server. | No | N/A | String | proxyUser |
proxyPassword | The password used to authenticate to the proxy server. | No | N/A | String | $proxy1234 |
proxyPACURL | The URL of the PAC file that defines the proxy configuration. | No | N/A | String | http://wso2.com/samplepacurl |
proxyPACFallbackAllowed | If the value is set to false, prevents the device from connecting directly to the destination when the PAC file is unreachable. Availability: iOS 7 and later. | No | True | Boolean | False |
SSID | SSID of the Wi-Fi network to be used. In iOS 7.0 and later, this is optional if a DomainName value is provided. | Yes | N/A | String | WSO2-Guest |
NAIRealmNames | This is the list of Network Access Identifier Realm names used for Wi-Fi Hotspot 2.0 negotiation. Availability: iOS 7.0 and later. | No | N/A | Array of strings | - |
MCCAndMNCs | This is the list of Mobile Country Code (MCC)/Mobile Network Code (MNC) pairs used for Wi-Fi Hotspot 2.0 negotiation. Each string must contain exactly six digits. Availability: iOS 7.0 and later. This feature is not supported in OS X. | No | N/A | Array of strings | - |
clientConfiguration
Property | Description | Required | Default Value | Data Type | Example |
---|---|---|---|---|---|
username | This property will not appear in the imported configuration unless the exact user name is known. Users can enter this information when they authenticate. | No | N/A | String | client |
acceptEAPTypes | The following EAP types are accepted:
| Yes | N/A | Array of integers. | 13,17,18 |
userPassword | The user password. If not provided, the user may be prompted during login. | No | N/A | String | $client1234 |
oneTimePassword | The user will be prompted for a password each time they connect to the network if the value is set to true. | No | False | Boolean | True |
payloadCertificateAnchorUUID | Identifies the certificates to be trusted for the authentication. Each entry must contain the UUID of a certificate payload. Use this key to prevent the device from asking the user if the listed certificates are trusted. Dynamic trust (the certificate dialogue) is disabled if this property is specified, unless TLSAllowTrustExceptions is also specified with the value true. | No | N/A | strings | - |
outerIdentity | The key is only relevant to TTLS, PEAP, and EAP-FAST. This allows the user to hide his or her identity. The user's actual name appears only inside the encrypted tunnel. It can increase security because an attacker can't see the authenticating user's name in the clear. | No | N/A | String | anonymous |
TLSTrustedServerNames | This is the list of server certificate common names that will be accepted. Use wildcards to specify the name, such as wpa.*.example.com. If a server presents a certificate that isn't in this list, it won't be trusted. Used alone or in combination with TLSTrustedCertificates, the property lets you specify exactly which certificates to trust for the given network and avoid dynamically trusted certificates. Dynamic trust (the certificate dialogue) is disabled if this property is specified, unless TLSAllowTrustExceptions is also specified with the value true. | No | N/A | String | wpa.*.example.com |
TLSAllowTrustExceptions | Allows/disallows a dynamic trust decision by the user. The dynamic trust is the certificate dialogue that appears when a certificate isn't trusted. If the value is set to false, the authentication fails if the certificate isn't already trusted. The default value of this property is true unless either PayloadCertificateAnchorUUID or TLSTrustedServerNames is supplied, in which case the default value is false. | No | True | Boolean | False |
TLSCertificateIsRequired | Allows two-factor authentication for EAP-TTLS, PEAP, or EAP-FAST if the value is set to true. If false, allows for zero-factor authentication for EAP-TLS. The default is true for EAP-TLS, and false for other EAP types. Availability: iOS 7.0 and later. | No | True | Boolean | False |
TTLSInnerAuthentication | This is the inner authentication used by the TTLS module. The possible values are as follows:
| No | MSCHAPv2 | String | PAP |
EAPFASTUsePAC | The device will use an existing PAC if it's present when the value is set to true. Otherwise, the server must present its identity using a certificate. | No | False | Boolean | True |
EAPFASTProvisionPAC | Used only if EAPFASTUsePAC is true as it allows PAC provisioning. This value must be set to true for EAP-FAST PAC usage to succeed, because there is no other way to provision a PAC. | No | False | Boolean | True |
EAPFASTProvisionPACAnonymously | Provisions the device anonymously if the value is set to true. Note that there are known man-in-the-middle attacks for anonymous provisioning. | No | False | Boolean | True |
EAPSIMNumberOfRANDs | Number of expected RANDs for EAPSIM. The valid values are as follows:
| No | 3 | Integer | 2 |
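
The trust-related properties in the tables above depend on each other, so a payload is easier to review with a small linter run before it is submitted. The following Python is an added example, not part of the WSO2 documentation or product code: it applies the default rules from the tables (TLSAllowTrustExceptions, proxyPACFallbackAllowed) and the EAP-FAST notes to a payload. The function names and finding codes are this example's own, and the check for a PAC file fetched over plain HTTP is an added assumption that is not stated on the page.

```python
import json

# Constructed sample: a trimmed copy of the page's sample payload.
SAMPLE = json.loads("""
{"operation": {"encryptionType": "Any", "SSID": "WSO2-Guest",
  "proxyPACURL": "http://wso2.com/samplepacurl",
  "proxyPACFallbackAllowed": false,
  "clientConfiguration": {
    "payloadCertificateAnchorUUID": ["00000000-0000-1000-800-001EC20D4CFE"],
    "TLSTrustedServerNames": "wpa.*.example.com",
    "TLSAllowTrustExceptions": false,
    "EAPFASTUsePAC": false, "EAPFASTProvisionPAC": false,
    "EAPFASTProvisionPACAnonymously": false}}}
""")

def is_pinned(cfg):
    """True when trust anchors or trusted server names are supplied."""
    return bool(cfg.get("payloadCertificateAnchorUUID") or cfg.get("TLSTrustedServerNames"))

def effective_trust_exceptions(cfg):
    """Resolve TLSAllowTrustExceptions with the default rule from the table."""
    if "TLSAllowTrustExceptions" in cfg:
        return bool(cfg["TLSAllowTrustExceptions"])
    return not is_pinned(cfg)  # default is true unless something is pinned

def audit_wifi_operation(payload):
    """Return sorted finding codes (the code names are this example's own)."""
    op = payload.get("operation") or {}
    cfg = op.get("clientConfiguration") or {}
    findings = set()
    if op.get("encryptionType") == "Any":
        findings.add("ENCRYPTION_ANY")  # not matched to the access point
    pac_url = str(op.get("proxyPACURL") or "")
    if pac_url.lower().startswith("http://"):
        findings.add("PAC_OVER_HTTP")  # assumption: cleartext PAC is a risk
    if pac_url and op.get("proxyPACFallbackAllowed", True):  # table default
        findings.add("PAC_FALLBACK_DIRECT")
    if cfg:
        if not is_pinned(cfg):
            findings.add("NO_SERVER_PINNING")
        if effective_trust_exceptions(cfg):
            findings.add("USER_CAN_TRUST_UNKNOWN_CERT")
        if cfg.get("EAPFASTProvisionPACAnonymously"):
            findings.add("ANON_PAC_PROVISIONING")  # known MITM exposure
        if cfg.get("EAPFASTUsePAC") and not cfg.get("EAPFASTProvisionPAC"):
            findings.add("PAC_NEVER_PROVISIONED")
    return sorted(findings)

if __name__ == "__main__":
    print(audit_wifi_operation(SAMPLE))
```

An empty result means none of these checks fired; it does not mean the profile has been validated against the access point or the RADIUS server.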