
cat-users - Re: [[cat-users]] example for client side p12 file inside android config

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)



Re: [[cat-users]] example for client side p12 file inside android config


  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Martin Hierling <martin.hierling AT hs-owl.de>, "'cat-users AT lists.geant.org'" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] example for client side p12 file inside android config
  • Date: Tue, 5 Feb 2019 08:32:03 +0100
  • Autocrypt: addr=stefan.winter AT restena.lu; prefer-encrypt=mutual
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

Below is a full file with a client certificate. This is what eduroam managed
IdP produces and what the eduroam CAT Android app is fully prepared to
consume. Actual certificate content is redacted.

Greetings,

Stefan Winter

<?xml version="1.0" encoding="utf-8"?>
<EAPIdentityProviderList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="eap-metadata.xsd">
<EAPIdentityProvider ID="14-12.lu.hosted.eduroam.org"
namespace="urn:RFC4282:realm" lang="en" version="1">
<AuthenticationMethods>
<AuthenticationMethod>
<EAPMethod>
<Type>13</Type>
</EAPMethod>
<ServerSideCredential>
<CA format="X.509" encoding="base64">
MII...XA==</CA>
<ServerID>auth.lu.hosted.eduroam.org</ServerID>
</ServerSideCredential>
<ClientSideCredential>
<ClientCertificate format="PKCS12" encoding="base64">
MII...nbc=</ClientCertificate>
</ClientSideCredential>
<InnerAuthenticationMethod>
<EAPMethod>
<Type>999</Type>
</EAPMethod>
</InnerAuthenticationMethod>
</AuthenticationMethod>
</AuthenticationMethods>
<CredentialApplicability>
<IEEE80211>
<SSID>eduroam</SSID>
<MinRSNProto>CCMP</MinRSNProto>
</IEEE80211>
<IEEE80211>
<ConsortiumOID>001bc50460</ConsortiumOID>
</IEEE80211>
</CredentialApplicability>
<ProviderInfo>
<DisplayName>eduroam Luxembourg - Test Accounts</DisplayName>
<ProviderLocation>
<Longitude>5.948345661163329</Longitude>
<Latitude>49.50425451619779</Latitude>
</ProviderLocation>
<Helpdesk>
<EmailAddress>stefan.winter AT restena.lu</EmailAddress>
</Helpdesk>
</ProviderInfo>
</EAPIdentityProvider>
</EAPIdentityProviderList>

On 05.02.19 at 08:06, Martin Hierling wrote:
> Hi,
>
> I am trying to generate an android eap xml config with a p12 file inside for
> client authentication.
> What I have so far is the cat tool generated config without the cert data, I
> also have a link to the metadata file:
> https://github.com/GEANT/CAT/blob/master/devices/xml/eap-metadata.xsd
> Also I have some base64 encoded p12/pfx file with key/cert in it.
>
> But I am not an xml/programmer guy so I didn't get this together.
>
> Our config looks like this:
>
> <?xml version="1.0" encoding="utf-8"?>
> <EAPIdentityProviderList
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:noNamespaceSchemaLocation="eap-metadata.xsd">
> <EAPIdentityProvider ID="th-owl.de" namespace="urn:RFC4282:realm"
> lang="de" version="1">
> <AuthenticationMethods>
> <AuthenticationMethod>
> <EAPMethod>
> <Type>13</Type>
> </EAPMethod>
> <ServerSideCredential>
> <CA format="X.509" encoding="base64">MII...wg==</CA>
> <CA format="X.509" encoding="base64">MII...chk5</CA>
> <CA format="X.509" encoding="base64">MII...Bg==</CA>
> <ServerID>radsec.skim.th-owl.de</ServerID>
> </ServerSideCredential>
> <ClientSideCredential/>
> </AuthenticationMethod>
> </AuthenticationMethods>
> <CredentialApplicability>
> <IEEE80211>
> <SSID>eduroam</SSID>
> <MinRSNProto>CCMP</MinRSNProto>
> </IEEE80211>
> </CredentialApplicability>
> <ProviderInfo>
> <DisplayName>Technische Hochschule Owstwestfalen-Lippe</DisplayName>
> <Description>Eduroam Profil fuer die TH-OWL</Description>
> <ProviderLocation>
> <Longitude>8.905039999999985</Longitude>
> <Latitude>52.01665</Latitude>
> </ProviderLocation>
> <Helpdesk>
> <EmailAddress>support AT hs-owl.de</EmailAddress>
> <WebAddress>https://www.hs-owl.de/skim/</WebAddress>
> <Phone>+495261 702-2222</Phone>
> </Helpdesk>
> </ProviderInfo>
> </EAPIdentityProvider>
> </EAPIdentityProviderList>
>
> I can guess that I have to add something to ClientSideCredential with some
> of ClientCertificate data.
> Can anybody provide an example where I can copy / paste the relevant parts
> ...
>
> Regards Martin
>
> Hochschule Ostwestfalen-Lippe
> S(kim) Service - Kommunikation - Information - Medien
> Dipl. Ing. Martin Hierling
> Liebigstr. 87 - 32657 Lemgo
> Tel: +49 5261 702 5896
> ----------------------------------------------------------------
> Press any key... no, no, no, NOT THAT ONE!
> ----------------------------------------------------------------
>
>


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's
key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0xC0DE6A358A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
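
An added example, not part of the original mail and not CAT's own code: Python that performs the step asked about in the quoted question, placing an already base64-encoded PKCS#12 into the ClientSideCredential of each EAP-TLS (Type 13) method, in the shape of the full file above. The function name embed_client_p12, the sample profile and the placeholder blob are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

ET.register_namespace("xsi", "http://www.w3.org/2001/XMLSchema-instance")  # keep xsi: prefix

# Constructed sample shaped like the quoted profile (names are placeholders).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="utf-8"?>
<EAPIdentityProviderList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="eap-metadata.xsd">
<EAPIdentityProvider ID="example.org" namespace="urn:RFC4282:realm" lang="en" version="1">
<AuthenticationMethods><AuthenticationMethod>
<EAPMethod><Type>13</Type></EAPMethod>
<ServerSideCredential><ServerID>radius.example.org</ServerID></ServerSideCredential>
<ClientSideCredential/>
</AuthenticationMethod></AuthenticationMethods>
</EAPIdentityProvider>
</EAPIdentityProviderList>"""

# Constructed stand-in for a PKCS#12 blob: DER SEQUENCE header plus filler, not a real keystore.
SAMPLE_P12_B64 = base64.b64encode(b"\x30\x82\x00\x04fake").decode()


def embed_client_p12(profile_xml: bytes, p12_b64: str) -> bytes:
    """Return the profile with the PKCS#12 placed in every EAP-TLS method."""
    compact = "".join(p12_b64.split())              # tolerate line-wrapped base64
    try:
        der = base64.b64decode(compact, validate=True)
    except ValueError as exc:                       # binascii.Error is a ValueError
        raise ValueError("client certificate is not valid base64") from exc
    if not der.startswith(b"\x30"):                 # PKCS#12 is a DER SEQUENCE
        raise ValueError("decoded data is not DER; was it base64-encoded twice?")
    root = ET.fromstring(profile_xml)
    patched = 0
    for method in list(root.iter("AuthenticationMethod")):
        if method.findtext("EAPMethod/Type") != "13":   # 13 = EAP-TLS
            continue
        cred = method.find("ClientSideCredential")
        if cred is None:                            # put it right after ServerSideCredential
            cred = ET.Element("ClientSideCredential")
            pos = list(method).index(method.find("ServerSideCredential")) + 1
            method.insert(pos, cred)
        for old in cred.findall("ClientCertificate"):   # replace, never duplicate
            cred.remove(old)
        cert = ET.SubElement(cred, "ClientCertificate", format="PKCS12", encoding="base64")
        cert.text = compact
        patched += 1
    if patched == 0:
        raise ValueError("no EAP-TLS (Type 13) AuthenticationMethod found")
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)
```

The output carries the private key from the p12, so it is a per-user credential and should be stored and distributed with the same care as the p12 itself.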



