Resource Definition to Add Wi-Fi Operations on iOS Devices

A sample resource definition, together with details on the information that is added in the JSON are as follows:

Sample definition JSON to add Wi-Fi operations

The sample JSON is as follows:

{
  "operation": {
    "hiddenNetwork": false,
    "autoJoin": true,
    "encryptionType": "Any",
    "hotspot": false,
    "domainName": "wso2.com",
    "serviceProviderRoamingEnabled": false,
    "displayedOperatorName": "sample_operator",
    "proxyType": "Auto",
    "roamingConsortiumOIs": null,
    "password": "$service123",
    "clientConfiguration": {
      "username": "client",
      "acceptEAPTypes": [13,17,18],
      "userPassword": "$client1234",
      "oneTimePassword": false,
      "payloadCertificateAnchorUUID": ["00000000-0000-1000-800-001EC20D4CFE"],
      "outerIdentity": "anonymous",
      "TLSTrustedServerNames": "wpa.*.example.com",
      "TLSAllowTrustExceptions": false,
      "TLSCertificateIsRequired": false,
      "TTLSInnerAuthentication": "PAP",
      "EAPFASTUsePAC": false,
      "EAPFASTProvisionPAC": false,
      "EAPFASTProvisionPACAnonymously": false,
      "EAPSIMNumberOfRANDs": 3
    },
    "payloadCertificateUUID": null,
    "proxyServer": "22.231.113.64",
    "proxyPort": 8080,
    "proxyUsername": "proxyUser",
    "proxyPassword": "$proxy1234",
    "proxyPACURL": "http://wso2.com/samplepacurl",
    "proxyPACFallbackAllowed": false,
    "SSID": "WSO2-Guest",
    "NAIRealmNames": ["kim@3com.com","kim@foo-9.com", "kim_bar@big-co.com"],
    "MCCAndMNCs": ["412/1", "412/20", "289/67"]
  },
  "deviceIDs": [
    "2be702beaaf4ad34fc9e7f8da2b6b808c453fa72b",
    "2ec33430ad456713c633de75b2219376bac45de56"
  ]
}

Property definitions

All the properties that correspond to adding Wi-Fi operations are explained as follows:

operation
- hiddenNetwork
- autoJoin
- encryptionType
- hotspot
- domainName
- serviceProviderRoamingEnabled
- displayedOperatorName
- proxyType
- roamingConsortiumOIs
- password
- clientConfiguration
  - username
  - acceptEAPTypes
  - userPassword
  - oneTimePassword
  - payloadCertificateAnchorUUID
  - outerIdentity
  - TLSTrustedServerNames
  - TLSAllowTrustExceptions
  - TLSCertificateIsRequired
  - TTLSInnerAuthentication
  - EAPFASTUsePAC
  - EAPFASTProvisionPAC
  - EAPFASTProvisionPACAnonymously
  - EAPSIMNumberOfRANDs
- payloadCertificateUUID
- proxyServer
- proxyPort
- proxyUsername
- proxyPassword
- proxyPACURL
- proxyPACFallbackAllowed
- SSID
- NAIRealmNames
- MCCAndMNCs
deviceIDs

Property	Description			Data Type	Example
`operation`	The attributes required to carry out the operation of adding Wi-Fi operations are defined here.	Yes	N/A	operation	-
`deviceIDs`	The Device ID. This field is not case sensitive.	Yes	N/A	String	2be702beaaf4ad34fc9e7f8da2b6b808c453fa72b

Operation

Property	Description			Data Type	Example
`hiddenNetwork`	The devices use information such as broadcast type and encryption type to differentiate a network besides SSID. It is assumed that all configured networks are either open or broadcast. To specify a hidden network, the value must be set to true .	Yes	False	Boolean	True
`autoJoin`	The network is auto-joined if the value is set to true. If false , the user has to tap the network name to join it. Availability: iOS 5.0 and later.	No	True	Boolean	False
`encryptionType`	The possible values are as follows: `WEP` `WPA` `Any` `None` `WPA` corresponds to `WPA` and `WPA2` and applies to both encryption types. Make sure that these values exactly match the capabilities of the network access point. If unsure about the encryption type, or would prefer that it apply to all encryption types, use the value Any . Availability: iOS 4.0 and later The `None` value is available in iOS 5.0 and later.	Yes	N/A	String	Any
`hotspot`	The network is treated as a hotspot if the value is set to false. Availability: iOS 7.0 and later.	No	False	Boolean	True
`domainName`	The Domain Name used for the Wi-Fi Hotspot 2.0 negotiation. This field can be provided instead of the SSID_STR . Availability: iOS 7.0 and later.	No	N/A	String	wso2.com
`serviceProviderRoamingEnabled`	Provides permission to connect to roaming service providers if the value is set to true. Availability: iOS 7.0 and later.	No	False	Boolean	True
`displayedOperatorName`	Displays the operator names. Availability: iOS 7.0 and later.	Yes	N/A	String	-
`proxyType`	The valid values are as follows: Manual Auto Availability: iOS 5.0 and later.	No	N/A	String	Auto
`roamingConsortiumOIs`	This is an array of Roaming Consortium Organization Identifiers used for Wi-Fi Hotspot 2.0 negotiation. Availability: iOS 7.0 and later.	No	N/A	Array of string	-
`password`	The password for the service.	No	N/A	String	$service123
`clientConfiguration`	Specifies an enterprise profile for a given network via the "EAPClientConfiguration" key.	Yes	N/A	clientConfiguration	-
`payloadCertificateUUID`	The UUID of the certificate payload to use for the identity credential.	Yes	N/1	Array of string	-
`proxyServer`	The proxy server's network address.	Yes	N/A	String	22.231.113.64
`proxyPort`	The proxy server's port.	No	N/A	Integer	8080
`proxyUsername`	The username used to authenticate to the proxy server.	No	N/A	String	proxyUser
`proxyPassword`	The password used to authenticate to the proxy server.	No	N/A	String	$proxy1234
`proxyPACURL`	The URL of the PAC file that defines the proxy configuration.	No	N/A	String	http://wso2.com/samplepacurl
`proxyPACFallbackAllowed`	Prevents the device from connecting directly to the destination if the PAC file is unreachable if the value is set to false. Availability: iOS 7 and later.	No	True	Boolean	False
`SSID`	SSID of the Wi-Fi network to be used. In iOS 7.0 and later, this is optional if a DomainName value is provided.	Yes	N/A	String	WSO2-Guest
`NAIRealmNames`	This is the list of Network Access Identifier Realm names used for Wi-Fi Hotspot 2.0 negotiation. Availability: iOS 7.0 and later.	No	N/A	Array of strings	-
`MCCAndMNCs`	This is the list of Mobile Country Code (MCC)/Mobile Network Code (MNC) pairs used for Wi-Fi Hotspot 2.0 negotiation. Each string must contain exactly six digits. Availability: iOS 7.0 and later. This feature is not supported in OS X.	No	N/A	Array of strings	-

clientConfiguration

Property	Description			Data Type	Example
`username`	This property will not appear in the imported configuration unless the exact user name is known . Users can enter this information when they authenticate.	No	N/A	String	client
`acceptEAPTypes`	The following EAP types are accepted: `13 = TLS` `17 = LEAP` `18 = EAP-SIM` `21 = TTLS` `23 = EAP-AKA` `25 = PEAP` `43 = EAP-FAST`	Yes	N/A	Array of integers.	13,17,18
`userPassword`	The user password. If not provided, the user may be prompted during login.	No	N/A	String	$client1234
`oneTimePassword`	The user will be prompted for a password each time they connect to the network if the value is set to true.	No	False	Boolean	True
`payloadCertificateAnchorUUID`	Identifies the certificates to be trusted with the authentication. Each entry must contain the UUID of a certificate payload. Use this key to prevent the device from asking the user if the listed certificates are trusted. Dynamic trust (the certificate dialogue) is disabled if this property is specified, unless TLSAllowTrustExceptions is also specified with the value true .	No	N/A	strings	-
`outerIdentity`	The key is only relevant to TTLS, PEAP, and EAP-FAST. This allows the user to hide his or her identity. The user's actual name appears only inside the encrypted tunnel. It can increase security because an attacker can't see the authenticating user's name in the clear.	No	N/A	String	anonymous
`TLSTrustedServerNames`	This is the list of server certificate common names that will be accepted. Use wildcards to specify the name, such as wpa.*.example.com. If a server presents a certificate that isn't in this list, it won't be trusted. Used alone or in combination with TLSTrustedCertificates, the property allows someone to carefully craft which certificates to trust for the given network, and avoid dynamically trusted certificates. Dynamic trust (the certificate dialogue) is disabled if this property is specified, unless TLSAllowTrustExceptions is also specified with the value true .	No	N/A	String	wpa.*.example.com
`TLSAllowTrustExceptions`	Allows/disallows a dynamic trust decision by the user. The dynamic trust is the certificate dialogue that appears when a certificate isn't trusted. If the value is set to false , the authentication fails if the certificate isn't already trusted. The default value of this property is true unless either PayloadCertificateAnchorUUID or TLSTrustedServerNames is supplied, in which case the default value is false .	No	True	Boolean	False
`TLSCertificateIsRequired`	Allows two-factor authentication for EAP-TTLS, PEAP, or EAP-FAST if the value is set to true. If false , allows for zero-factor authentication for EAP-TLS. The default is true for EAP-TLS, and false for other EAP types. Availability: iOS 7.0 and later.	No	True	Boolean	False
`TTLSInnerAuthentication`	This is the inner authentication used by the TTLS module. The possible values are as follows: `PAP` `CHAP` `MSCHAP` `MSCHAPv2`	No	MSCHAPv2	String	PAP
`EAPFASTUsePAC`	The device will use an existing PAC if it's present when the value is set to true. Else, the server must present its identity using a certificate.	No	False	Boolean	True
`EAPFASTProvisionPAC`	Used only if EAPFASTUsePAC is true as it allows PAC provisioning. This value must be set to true for EAP-FAST PAC usage to succeed, because there is no other way to provision a PAC.	No	False	Boolean	True
`EAPFASTProvisionPACAnonymously`	Provisions the device anonymously if the value is set to true. Note that there are known man-in-the-middle attacks for anonymous provisioning.	No	False	Boolean	True
`EAPSIMNumberOfRANDs`	Number of expected RANDs for EAPSIM. The valid values are as follows: 2 3	No	3	Integer	2