The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Ayres G.J. <g.j.ayres AT swansea.ac.uk>]

Hello Martin,

 

I know you directed your question at Stefan, but as the Android developer please allow me to assist.

 

The app should already detect an .eap-config file from storage, email etc.

 

https://github.com/GEANT/CAT-Android/blob/master/AndroidManifest.xml

There is a file intent filter in the manifest, along with the http and https intent filters.

 

Im sure it did work, but maybe something has changed? If so, this turns into a bug report.

I know some download manager and file explorer apps did have issues with the intent filter.

Have you tried loading an eap-config file from an email attachment or storage using native apps?

 

We were very conscious of the chicken-and-egg situation, and have tried to address this as best as realistically possible.

Its possible some users can use mobile data to setup eduroam, using the config auto discovery functionality.

A setup SSIDs with local copies of files, or holes to cat.eduroam.org and google is also an option.

 

Gareth Ayres

 

 

-----Original Message-----
From: Martin Pauly [mailto:pauly AT hrz.uni-marburg.de]
Sent: 31 July 2017 17:20
To: cat-users AT lists.geant.org
Subject: [[cat-users]] Android App: Recognizing .eap-config files by file extension?

 

Hello,

 

this one goes to Stefan Winter :-)

Please forgive me, if I missed some update, I'm a bit scarce on Android

testing devices currently.

 

My request:

https://tools.ietf.org/html/draft-winter-opsawg-eap-metadata-00#section-4.2

proposes a most sensible feature, IMO:

 

-------------------------------- From RFC draft -------------------------

In situations where file types can not be determined by MIME type

    meta-information (e.g. when the file gets stored on a local

    filesystem), this document RECOMMENDs that EAP Metadata configuration

    files be stored with the extension

 

    .eap-config

 

    to identify the file as containing EAP Metadata configuration

    information.  Edge devices can register the application which can

    consume the EAP Metadata with this file extension.  By doing so, for

    example a single click or tap on the filename in the device's User

    Interface will invoke the configuration process.

------------------------------------------------------------------------

 

That is exactly what is needed for almost any initial eduroam CAT usage

on any Android device. Currently, the Android App only recognizes config

files downloaded from a web server that provides the appropriate MIME type.

But what do you do with a device for which eduroam is supposed to be its

first network connection, e.g. a newly bought tablet computer lacking a SIM card?

Basically the solution is now:

1. Connect to eduroam SSID manually (still unable to check the cert!)

2. Install the app

3. Access said web server to get the config file along with the MIME type

This will, of course, fire up the app and get everything right, finally.

Providing e.g. the apk+config on a USB Stick is pointless, since the file is

not recognized. Also, I could not find a menu item inside the app to manually

import a config file.

 

Guess what our users have been doing for ages? Execute Step 1 and call it a day.

Requiring a network connection to get the network connection right seems

illogical to me. I have narrowed the view to Android here because Android is so

easily tricked into the Evil Twin attack. It is also by far the most popular

mobile OS with our users, so there are thousands of devices out there

whose credentials are extremely easy to come by for any attacker.

 

Could we please associate the GEANT app with the .eap-config file extension?

 

Thanks, Martin

 

--

   Dr. Martin Pauly     Phone:  +49-6421-28-23527

   HRZ Univ. Marburg    Fax:    +49-6421-28-26994

   Hans-Meerwein-Str.   E-Mail: pauly AT HRZ.Uni-Marburg.DE

   D-35032 Marburg

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature