Subject: An open discussion list for topics related to the geteduroam service
- From: Paul Dekkers <paul.dekkers AT surf.nl>
- To: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
- Subject: iOS 15 and geteduroam
- Date: Sun, 19 Sep 2021 20:49:18 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=q6am9zwER4QnDHbcO6P347W/vuuU9L4JTKVLpMYTRw4=; b=PpD9xqzvlCKQ2ylFko/ZP9sUZvR4/X0ii12DvGb9aw4+A5iPTs9zyTwdoj6yS+1mr0tJ7fnzXGfAUf+VUfUjxJkdDuFASpNcfBUerJ0NiMKp2uJcl+ysjbqMdzFKypJRSY2CmKFW29Isp32HbS1+wifMRjrngaLjM1V/c0Xfq2yfFgvep9/o1TarHUKMlo7N4iHb5jCtW4BGxL89F3JE+1tdewhDXvgR8CSd0tPvD/QMvokKsnyATNS6HkHcco27zShnjM5VO/5+BgOEztNwFhZ12rsfbte9M/1kyeHBLDJTGGU+0xvBjDCO0lfCboN8BB80YmcoqdAV9bKhi2ItmA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QYyBAW7c+txlDYQQ/UMjlrFQyHlMz3N0D4iry8JNVDYgotgSARw0KVyxdg2pOuG+yysIqoxtmwqByXnDNO9Fq1VUrCdJHSzbvgdRSLInDqGxmALYq58m+eJfFmWJf7PEH9ROdPcwntd1Cv+/fgrwPmCL92iXkmtErGjkA8HukzvAy+GgRD9OML0N4a1iuh6bRDq/I9850UeO69a48VD9rG11wv1/rlphuBZoAuW3jgRg3spW+unQcKNKCk4J4YlF5EWlUMJDXpkK0RuWrb2ekYXwm2jXYEZ7M2guou9FSUeu/mLBbeuTFfnXIcjgEdZz6xhJ3LdZ4JZc4qR4s765WA==
- Authentication-results: lists.geant.org; dkim=none (message not signed) header.d=none;lists.geant.org; dmarc=none action=none header.from=surf.nl;
Unfortunately there appears to be a bug in iOS 15 that makes it impossible to install certificates from the geteduroam App. This affects both the installation of a client-certificates (key part of the pseudo-account workflow and hosted IdP) as well as the installation of a specific root CA for mutual authentication. We have lost hope this will be resolved before the launch of iOS 15, due next week.
We've provided Apple with feedback opened a bug after the early beta tests in June and while we see similar reports and are aware of the relevant Apple-internal bugs, there is so far no resolution.
This puts geteduroam on iOS 15 in a bit of a sorry state. Profiles that are already installed in iOS 14 continue to work.
We will redirect users with iOS 15 within the App to the .mobileconfig download for the pseudo-account workflow, which works and gives a reasonable experience.
We modified geteduroam also to install the CAT profiles with public EAP-server certificates by pinning it "by name" and not explicitly a CA. This version is submitted to TestFlight and if we receive no better news from Apple we'll publish it to the store soon after. (This version will only work with self-signed CAs if that CA is already installed.)
We'll continue to work with Apple to find a resolution,
Paul and Jørn
- iOS 15 and geteduroam, Paul Dekkers, 09/19/2021
Archive powered by MHonArc 2.6.19.