Stuck at Windows phone 8.1 MDM for certificate enrollment

  • Question

  • Hi guys,

    I am stuck at certificate enrollment for Windows Phone 8.1. So far I was able to get requests for the discovery service and the device enrollment service.

    These APIs are working:

    1. Get discovery - done

    2. post discovery - done

    3. Post Getpolicyreq - done

    4. Post RequestSecurityToken -- stuck at this stage

    The device is sending me the CSR as per the policy returned, and I am sending a response back. For this I have followed the steps mentioned in the document for Windows Phone 8, as follows.

    1. Created the wap-provisioningdoc XML
    2. Added the base64-encoded CA root certificate, which is self-signed, i.e. not trusted, in <characteristic type="Root"><parm name="EncodedCertificate" value="encoded cert val" /></characteristic>
    3. Added the base64-encoded device cert (generated from the CSR received from the device) in <characteristic type="User"> </characteristic>, same as step 2
    4. Added all required DM values in <characteristic type="APPLICATION"></characteristic> with the DM server IP in the ADDR tag etc.

    5. Sending the wap-provisioningdoc file in base64 format as a <BinarySecurityToken> </BinarySecurityToken> in the RSTR

    My assumptions for the provisioning XML:

    1. <characteristic type="Root"> </characteristic> will have my self-signed CA root certificate, base64 encoded

    2. <characteristic type="User"></characteristic> will have the signed device certificate for the CSR sent by the device, base64 encoded

    Is it something that I need to look for? Also, I see 2 tags <characteristic type="APPAUTH"></characteristic>. What are they for?
    And what data values should I add for "AAUTHSECRET" and "AAUTHDATA"?

    <characteristic type="APPAUTH">
        <parm name="AAUTHLEVEL" value="CLIENT" />
        <parm name="AAUTHTYPE" value="DIGEST" />
        <parm name="AAUTHSECRET" value="admin" />
        <parm name="AAUTHDATA" value="1332857013" />
    </characteristic>
    <characteristic type="APPAUTH">
        <parm name="AAUTHLEVEL" value="APPSRV" />
        <parm name="AAUTHTYPE" value="BASIC" />
        <parm name="AAUTHNAME" value="testclient" />
        <parm name="AAUTHSECRET" value="12345" />
    </characteristic>

    Are these values correct?

    After all this, enrollment is failing and the device still shows the screen to enter username, domain and server address.

    Did I miss anything here? After sending the response to RequestSecurityToken, no request is sent from the device. (I am using Charles proxy for debugging.) Stuck at this step for 2 days. :(

    I can post my provisioning and RSTR response files here.

    Friday, April 18, 2014 7:46 AM
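
Added example, not part of the original post: a Python pre-send check for the payload described in steps 1 to 5 above. It decodes the base64 BinarySecurityToken content, confirms the wap-provisioningdoc parses as XML, and reports missing characteristic types or EncodedCertificate values. The expected type list is taken from the post rather than from the protocol specification, and the sample documents are constructed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Characteristic types named in steps 2-4 of the post (assumed list, not taken from the spec).
EXPECTED_TYPES = ("Root", "User", "APPLICATION", "APPAUTH")

def check_provisioning_token(token_b64):
    """Return the problems found in a base64 BinarySecurityToken payload."""
    try:
        raw = base64.b64decode(token_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        return [f"token is not valid base64: {exc}"]
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        # An unclosed <characteristic> element ends up here.
        return [f"provisioning XML is not well-formed: {exc}"]
    problems = []
    if root.tag != "wap-provisioningdoc":
        problems.append(f"unexpected root element <{root.tag}>")
    nodes = list(root.iter("characteristic"))
    seen = {node.get("type") for node in nodes}
    problems += [f'no <characteristic type="{t}">' for t in EXPECTED_TYPES if t not in seen]
    for node in nodes:
        kind = node.get("type")
        if kind not in ("Root", "User"):
            continue
        certs = [p.get("value", "") for p in node.iter("parm")
                 if p.get("name") == "EncodedCertificate"]
        if not certs:
            problems.append(f"{kind}: no EncodedCertificate parm")
        for value in certs:
            try:
                base64.b64decode(value, validate=True)
            except (binascii.Error, ValueError):
                problems.append(f"{kind}: EncodedCertificate value is not base64")
    return problems

def wrap(body):
    """Build a constructed sample token around the given XML body."""
    doc = f"<wap-provisioningdoc>{body}</wap-provisioningdoc>"
    return base64.b64encode(doc.encode()).decode()

# Constructed samples; "AAAA" stands in for real certificate bytes.
CERT = '<parm name="EncodedCertificate" value="AAAA"/>'
GOOD = wrap(f'<characteristic type="Root">{CERT}</characteristic>'
            f'<characteristic type="User">{CERT}</characteristic>'
            '<characteristic type="APPLICATION"><characteristic type="APPAUTH"/></characteristic>')
BAD = wrap('<characteristic type="APPAUTH">')  # element left open
```

Running the check on the exact string placed inside the BinarySecurityToken element catches encoding and well-formedness mistakes before the device receives the response.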


All replies