Subject: An open discussion list for topics related to the geteduroam service
List archive
- From: Ralf Paffrath <paffrath AT dfn.de>
- To: Paul Dekkers <paul.dekkers AT surf.nl>
- Cc: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>, François Kooman <fkooman AT tuxed.net>
- Subject: Re: iOS bug resolved in 15.2, Windows client update
- Date: Mon, 15 Nov 2021 09:33:53 +0100
Hi,
> On 12. Nov 2021, at 10:38, Paul Dekkers (via geteduroam Mailing List)
> <geteduroam AT lists.geant.org> wrote:
>
> Hi,
>
> On 12/11/2021 10:32, Ralf Paffrath wrote:
>> Hi,
>>> On 12. Nov 2021, at 09:44, Paul Dekkers (via geteduroam Mailing List)
>>> <geteduroam AT lists.geant.org> wrote:
>>>
>>> Hi,
>>>
>>> Ah, maybe I wasn't clear about the API; it doesn't affect the way the
>>> Apps work on the profile side, it uses a different Android API to install
>>> the WiFi networks. This was non-existant in Android 10, it caused a crash
>>> in the first release of Android 11, but it works well on A11+ now, but we
>>> have some remaining issues that we're still working on.
>>>
>>> So it will continue to use .eap-config files, which is an answer to your
>>> second question also: all current Apps read .eap-config files, also iOS,
>>> and not .mobileconfig. (In fact I think that wouldn't even be possible.)
>>> We may have a different strategy on a macOS version, but that's for later.
>>>
>>> Hope this clarifies things,
>> We use GETEDUROAM for our brand new pilot project EasyRoam4Edu (a managed
>> eduroam IdP inspired by eduVPN) what is part off a bachelor thesis.
>> On iOS we recommend our pilot users not to use the GETEDUROAM app but use
>> the mobileconfig which the pilot user can download directly from our
>> EasyRoam4Edu server.
>> On iOS 14 the EasyRoam4Edu world was ok, we used the GETEDUROAM App
>> successfully. But then iOS 15 came up and the GETEDUROAM App on iOS 15
>> announced an internal error when reading the eap_config so we were forced
>> to switch to mobileconfig ant the EasyRoam4Edu world was ok again.
>> In fact downloading the mobileconfig for MacOSX/iOS is not a problem, it
>> works stable. In EasyRoam4Edu we support EAP-TLS authentication only in a
>> hybrid ca environment based on a public ca (server site) and a privat ca
>> (client site).
>
> Yes, this is exactly what we do with the geteduroam pseudo accounts,
> server-side? So you made another implementation for the server I guess,
> also with OAUTH from the Apps?
No, we implemented a new server based on Shibboleth.
Regards,
Ralf
>
> For the iOS 15.0 and 15.1 we had two mitigation options, either after the
> OAUTH phase do a mobileconfig download, but that clearly doesn't come as
> natural to users. Or provide a profile with a username/password, which is
> also secure. With either approach iOS 15 continued to work with geteduroam,
>
> Regards,
> Paul
>
>
>> Best regards,
>> Ralf
>>>
>>> Regards,
>>> Paul
>>>
>>>
>>> On 12/11/2021 09:03, Ralf Paffrath wrote:
>>>> Hi Paul,
>>>> is there any documentation for the new API?
>>>> Will the new GETEDUROAM App read in the .mobileconfig on iOS?
>>>> Best regards,
>>>> Ralf
>>>>> On 11. Nov 2021, at 12:44, Paul Dekkers (via geteduroam Mailing List)
>>>>> <geteduroam AT lists.geant.org> wrote:
>>>>>
>>>>> Hi geteduroam-list,
>>>>>
>>>>> We wrote earlier about the bug in iOS 15 that made it impossible to
>>>>> install certificates (both client and CA) from the iOS geteduroam App.
>>>>> Fortunately, this bug is resolved in the upcoming iOS 15.2 release; we
>>>>> have confirmation from Apple and verified with the past 2 beta builds.
>>>>> Now hope iOS 15.2 is released soon ;-)
>>>>>
>>>>> Little news on the Android App; we continue to work on a new version,
>>>>> and now have one that uses a different API compared to the current
>>>>> published beta: it's behavior is more natural for the users, but there
>>>>> are a few issues still to resolve before we could release it. (If it
>>>>> doesn't work out, we could still use the version as published in beta
>>>>> now: it is stable.)
>>>>>
>>>>> I'll also take the opportunity to also highlight a new release of the
>>>>> geteduroam Windows client; there was a bug where we didn't use the
>>>>> (anonymous) outer identity for EAP-PEAP accounts (just EAP-TTLS). This
>>>>> is fixed in version 3.2.6, via
>>>>> https://github.com/geteduroam/windows-app/releases or the downloads on
>>>>> https://geteduroam.app/ (Thanks to Guy Halse for finding it and
>>>>> creating an issue for this.)
>>>>>
>>>>> Regards,
>>>>> Paul
>>>>>
>>>>>
>>>> --
>>>> Security, Trust & Identity Services
>>>> E-Mail: eduroam AT dfn.de, eduvpn AT dfn.de, easyroam4edu AT dfn.de | Fon: +49 30
>>>> 884299-9121/9120 | Fax: 030 88 42 99 370
>>>> __________________________________________________________________________________
>>>> DFN - Deutsches Forschungsnetz | German National Research and Education
>>>> Network
>>>> Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
>>>> Alexanderplatz 1 | 10178 Berlin
>>>> https://www.dfn.de
>>>> Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt |
>>>> Christian Zens
>>>> Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
>>>> VR AG Charlottenburg 7729NZ | USt.-ID. DE 136623822
>> --
>> Security, Trust & Identity Services
>> E-Mail: eduroam AT dfn.de, eduvpn AT dfn.de, easyroam4edu AT dfn.de | Fon: +49 30
>> 884299-9121/9120 | Fax: 030 88 42 99 370
>> __________________________________________________________________________________
>> DFN - Deutsches Forschungsnetz | German National Research and Education
>> Network
>> Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
>> Alexanderplatz 1 | 10178 Berlin
>> https://www.dfn.de
>> Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt |
>> Christian Zens
>> Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
>> VR AG Charlottenburg 7729NZ | USt.-ID. DE 136623822
--
Security, Trust & Identity Services
E-Mail: eduroam AT dfn.de, eduvpn AT dfn.de, easyroam4edu AT dfn.de | Fon: +49 30
884299-9121/9120 | Fax: 030 88 42 99 370
__________________________________________________________________________________
DFN - Deutsches Forschungsnetz | German National Research and Education
Network
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1 | 10178 Berlin
https://www.dfn.de
Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt | Christian
Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729NZ | USt.-ID. DE 136623822
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- iOS bug resolved in 15.2, Windows client update, Paul Dekkers, 11/11/2021
- Re: iOS bug resolved in 15.2, Windows client update, Ralf Paffrath, 11/12/2021
- Re: iOS bug resolved in 15.2, Windows client update, Paul Dekkers, 11/12/2021
- Re: iOS bug resolved in 15.2, Windows client update, Ralf Paffrath, 11/12/2021
- Re: iOS bug resolved in 15.2, Windows client update, Paul Dekkers, 11/12/2021
- Re: iOS bug resolved in 15.2, Windows client update, Ralf Paffrath, 11/15/2021
- Re: iOS bug resolved in 15.2, Windows client update, Paul Dekkers, 11/12/2021
- Re: iOS bug resolved in 15.2, Windows client update, Ralf Paffrath, 11/12/2021
- Re: iOS bug resolved in 15.2, Windows client update, Paul Dekkers, 11/12/2021
- Re: iOS bug resolved in 15.2, Windows client update, Stefan Paetow, 11/12/2021
- Re: iOS bug resolved in 15.2, Windows client update, Ralf Paffrath, 11/12/2021
Archive powered by MHonArc 2.6.19.