-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alias defined in app Restriction? #1595
Comments
So you are basically looking for something like
So the app will use that certificate alias for the VPN configuration when importing a profile? |
Yes, exactly! I suppose that would then get stored to that's VPNProfile.mAlias, and this would hopefully allow for VPN to work without user interaction. |
I implemented this in 3c16028 but I currently do not have an MDM setup to actually test this change. |
Great! It can be tested with https://play.google.com/store/apps/details?id=com.afwsamples.testdpc. |
I also enabled archiving of artefacts on the github actions, so this can be easier than needing to build yourself. |
Ok, so restriction were read correctly, but our both builds were crashing. VpnProfile remains null on new entry (as it should since it is not an update) so addCertificateAlias() fails. I found one more issue. Apparently, choosePrivateKeyAlias() needs to be called with that alias before attempting the connection, otherwise it somehow fails to access the cert from Keychain. Let me know if you would like pull request of the changes or something. |
A pull request would be appriciated and yes I forgot about that but selecting a certificate via the |
So yes, our DPC just takes the cert preselected with choosePrivateKeyAlias() and selects it automatically by overriding onChoosePrivateKeyAlias(), so no dialog is shown and it all works automatically and seamleslly. Small issue is that choosePrivateKeyAlias() actually needs Activity (which makes sense if user expects a dialogue, but not really when it is overrided) and I am not sure what would be best Activity in app for it. Also not sure how best to make sure it's only executed once, but I guess there is no harm in doing it on every LaunchVPN. Also, see my fix for crash due to null new VpnProfile, it could probably be done more elegantly. Patch file attached. |
Hi,
Apologies in advance if this is not appropriate place for the request.
Is there a way to define certificate alias via App Restrictiton?
We would be adding VPN profile via MDM app. restrictions with "uuid", "name" and "ovpn" fields.
Certificate and private key is also delivered and stored in the device, but user still needs to manually select the certificate alias from the store in the app.
Is there any way that this can be selected automatically, maybe by additional "alias" restriction field to be set for the VPN profile?
MDM device owner (DPC) is capable of handling onChoosePrivateKeyAlias() where it can select the alias instead of user, but as-is, user again needs to call the very activity of selecting the certificate manually.
We would like to avoid any user interaction for enabling VPN. Is this possible?
Thank you and kind regards,
Luka
The text was updated successfully, but these errors were encountered: