EAP-TLS WLANProfile for Windows Phone 8.1

  • Question

  • Through SyncML (MDM) I am trying to create Wi-Fi profiles on a Win Phone 8.1 device.

    For EAP-TLS, I am trying to follow the XML schema given here:-

    http://msdn.microsoft.com/en-us/library/windows/desktop/bb204661(v=vs.85).aspx

    I always get Atomic error 507 with internal Add command failing with error 500.

    Here is the XML that my Server generates for the device:-

    <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
    <SessionID>15</SessionID>
    <MsgID>2</MsgID>
    <Target>
    <LocURI>urn:uuid:XXXXXXXXXXXXXXXXXXXXXXXXXX</LocURI>
    </Target>
    <Source>
    <LocURI>https://xyz.com</LocURI>
    </Source>
    <Cred>
    <Meta>
    <Format xmlns="syncml:metinf">b64</Format>
    <Type xmlns="syncml:metinf">syncml:auth-md5</Type>
    </Meta>
    <Data>Ts4+pMpA8b4EtrKvX/uncg==</Data>
    </Cred>
    </SyncHdr>
    <SyncBody>
    <Status>
    <CmdID>1</CmdID>
    <MsgRef>2</MsgRef>
    <CmdRef>0</CmdRef>
    <Cmd>SyncHdr</Cmd>
    <Data>212</Data>
    <TargetRef>https://xyz.com</TargetRef>
    <SourceRef>urn:uuid:XXXXXXXXXXXXXXXXXXXXXXXXXX</SourceRef>
    </Status>
    <Atomic>
    <CmdID>2</CmdID>
    <Add>
    <CmdID>3</CmdID>
    <Item>
    <Target>
    <LocURI>./Vendor/MSFT/WiFi/Profile/wpa2Tls/WlanXml</LocURI>
    </Target>
    <Meta>
    <Format xmlns="syncml:metinf">chr</Format>
    </Meta>
    <Data>&lt;?xml version=&quot;1.0&quot; ?&gt;
    &lt;WLANProfile xmlns=&quot;http://www.microsoft.com/networking/WLAN/profile/v1&quot;&gt;
    &lt;name&gt;wpa2Tls&lt;/name&gt;
    &lt;SSIDConfig&gt;
    &lt;SSID&gt;
    &lt;name&gt;wpa2Tls&lt;/name&gt;
    &lt;/SSID&gt;
    &lt;/SSIDConfig&gt;
    &lt;connectionType&gt;ESS&lt;/connectionType&gt;
    &lt;connectionMode&gt;manual&lt;/connectionMode&gt;
    &lt;autoSwitch&gt;false&lt;/autoSwitch&gt;
    &lt;MSM&gt;
    &lt;security&gt;
    &lt;authEncryption&gt;
    &lt;authentication&gt;WPA2&lt;/authentication&gt;
    &lt;encryption&gt;AES&lt;/encryption&gt;
    &lt;useOneX&gt;true&lt;/useOneX&gt;
    &lt;/authEncryption&gt;
    &lt;OneX xmlns=&quot;http://www.microsoft.com/networking/OneX/v1&quot;&gt;
    &lt;EAPConfig&gt;
    &lt;EapHostConfig xmlns=&quot;http://www.microsoft.com/provisioning/EapHostConfig&quot;
                   xmlns:eapCommon=&quot;http://www.microsoft.com/provisioning/EapCommon&quot;
                   xmlns:baseEap=&quot;http://www.microsoft.com/provisioning/BaseEapMethodConfig&quot;&gt;
    &lt;EapMethod&gt;
    &lt;eapCommon:Type&gt;13&lt;/eapCommon:Type&gt;
    &lt;eapCommon:AuthorId&gt;0&lt;/eapCommon:AuthorId&gt;
    &lt;/EapMethod&gt;
    &lt;Config xmlns:baseEap=&quot;http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1&quot;
            xmlns:eapTls=&quot;http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1&quot;&gt;
    &lt;baseEap:Eap&gt;
    &lt;baseEap:Type&gt;13&lt;/baseEap:Type&gt;
    &lt;eapTls:EapType&gt;
    &lt;eapTls:CredentialsSource&gt;
    &lt;eapTls:CertificateStore&gt;
    &lt;eapTls:SimpleCertSelection&gt;true&lt;/eapTls:SimpleCertSelection&gt;
    &lt;/eapTls:CertificateStore&gt;
    &lt;/eapTls:CredentialsSource&gt;
    &lt;eapTls:ServerValidation&gt;
    &lt;eapTls:DisableUserPromptForServerValidation&gt;false&lt;/eapTls:DisableUserPromptForServerValidation&gt;
    &lt;eapTls:ServerNames /&gt;
    &lt;eapTls:TrustedRootCA&gt;XXXXXXXXXXXXXXXXXXXXXXXXXX&lt;/eapTls:TrustedRootCA&gt;
    &lt;/eapTls:ServerValidation&gt;
    &lt;eapTls:DifferentUsername&gt;false&lt;/eapTls:DifferentUsername&gt;
    &lt;/eapTls:EapType&gt;
    &lt;/baseEap:Eap&gt;
    &lt;/Config&gt;
    &lt;/EapHostConfig&gt;
    &lt;/EAPConfig&gt;
    &lt;/OneX&gt;
    &lt;/security&gt;
    &lt;/MSM&gt;
    &lt;/WLANProfile&gt;</Data>
    </Item>
    </Add>
    </Atomic>
    </SyncBody>
    </SyncML>

    The device responds with:-

    <SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
    <SessionID>15</SessionID>
    <MsgID>3</MsgID>
    <Target>
    <LocURI>https://xyz.com</LocURI>
    </Target>
    <Source>
    <LocURI>urn:uuid:XXXXXXXXXXXXXXX</LocURI>
    </Source>
    </SyncHdr>
    <SyncBody>
    <Status>
    <CmdID>1</CmdID>
    <MsgRef>2</MsgRef>
    <CmdRef>0</CmdRef>
    <Cmd>SyncHdr</Cmd>
    <Chal>
    <Meta>
    <Format xmlns="syncml:metinf">b64</Format>
    <Type xmlns="syncml:metinf">syncml:auth-md5</Type>
    <NextNonce xmlns="syncml:metinf">L1YVNVtptwu1UB08V6yYJQhPsJtVXYHbeKAIxfrhT5s=</NextNonce>
    </Meta>
    </Chal>
    <Data>212</Data>
    </Status>
    <Status>
    <CmdID>2</CmdID>
    <MsgRef>2</MsgRef>
    <CmdRef>2</CmdRef>
    <Cmd>Atomic</Cmd>
    <Data>507</Data>
    </Status>
    <Status>
    <CmdID>3</CmdID>
    <MsgRef>2</MsgRef>
    <CmdRef>3</CmdRef>
    <Cmd>Add</Cmd>
    <Data>500</Data>
    </Status>
    <Final/>
    </SyncBody>
    </SyncML>

    Could anybody let me know what the right EAP-TLS configuration for Windows Phone 8.1 devices is?

    --DFriend

    Thursday, July 31, 2014 7:43 AM

Answers

  • In the above payload, can you add the "authMode" parameter and try? Basically, everything in the payload above looks normal, except that you need to add the "authMode" parameter.

                ......
                &lt;/authEncryption&gt;
                &lt;OneX xmlns=&quot;http://www.microsoft.com/networking/OneX/v1&quot;&gt;
                &lt;authMode&gt;user&lt;/authMode&gt;
                &lt;EAPConfig&gt;
                ......


    Windows Store Developer Solutions

    • Marked as answer by DFriend Friday, August 1, 2014 5:48 AM
    Thursday, July 31, 2014 11:20 PM
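
An added example, not part of the original thread or of Microsoft's tooling: a server-side pre-flight check that pulls each WlanXml profile out of an outgoing SyncML message and flags an 802.1X profile whose OneX element lacks authMode, the omission the answer above points out. The function names and the shortened sample profile are constructed for illustration, and the ordering check only mirrors where the answer places authMode; it is not a full schema validation.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SYNCML = "{SYNCML:SYNCML1.2}"
WLAN = "{http://www.microsoft.com/networking/WLAN/profile/v1}"
ONEX = "{http://www.microsoft.com/networking/OneX/v1}"

def wlan_profiles(syncml_text):
    """Yield (LocURI, parsed WLANProfile) for each .../WlanXml item in a SyncML message."""
    for item in ET.fromstring(syncml_text).iter(SYNCML + "Item"):
        uri = item.findtext(f"{SYNCML}Target/{SYNCML}LocURI", "")
        if uri.endswith("/WlanXml"):
            # Parsing the outer message already undid the &lt; escaping of <Data>.
            yield uri, ET.fromstring(item.findtext(SYNCML + "Data", "").strip())

def check_onex(profile):
    """Return the problems found in the 802.1X part of one parsed WLANProfile."""
    sec = profile.find(f"{WLAN}MSM/{WLAN}security")
    if sec is None or sec.findtext(f"{WLAN}authEncryption/{WLAN}useOneX", "").strip() != "true":
        return []  # not an 802.1X profile, nothing to check here
    onex = sec.find(ONEX + "OneX")
    if onex is None:
        return ["useOneX is true but there is no OneX element"]
    tags = [child.tag for child in onex]
    problems = [f"OneX has no {n}" for n in ("authMode", "EAPConfig") if ONEX + n not in tags]
    if not problems and tags.index(ONEX + "authMode") > tags.index(ONEX + "EAPConfig"):
        problems.append("authMode is placed after EAPConfig")
    return problems

# Constructed sample: the thread's profile, shortened, with an empty EAPConfig.
PROFILE = """<?xml version="1.0" ?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
<name>wpa2Tls</name><MSM><security><authEncryption><authentication>WPA2</authentication>
<encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">%s<EAPConfig/></OneX>
</security></MSM></WLANProfile>"""

def add_message(profile_xml):
    """Wrap a profile in a minimal SyncML Add, entity-escaped as in the question."""
    return ('<SyncML xmlns="SYNCML:SYNCML1.2"><SyncBody><Add><Item><Target>'
            "<LocURI>./Vendor/MSFT/WiFi/Profile/wpa2Tls/WlanXml</LocURI></Target>"
            "<Data>" + escape(profile_xml) + "</Data></Item></Add></SyncBody></SyncML>")

def lint(syncml_text):
    return {uri: check_onex(p) for uri, p in wlan_profiles(syncml_text)}

if __name__ == "__main__":
    print(lint(add_message(PROFILE % "")))  # the question's shape: authMode missing
```

Running the check on the message before it is queued for the device catches the omission on the server, where the cause is visible, instead of as a bare 500/507 status pair.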

All replies

  • Thanks a lot. It worked!

    -DFriend

    Friday, August 1, 2014 5:49 AM
  • I guess, either the template given here:-

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa370031(v=vs.85).aspx

    has to be changed or, if it isn't applicable for Windows Phone 8.1, another template has to be given exclusively for Windows Phone 8.1.

    --DFriend

    Friday, August 1, 2014 5:53 AM