Jason Ver Linden
Jun 29, 2017
9:37 pm

Using the enterprise id for container authentication

Hi there,

I am trying to use the enterprise id authentication option when creating a knox container. I have followed the example code to create an authentication config and set that to the container configuration. I also installed the sso authenticator app on the device. While I can get the enterprise id option to show in the list when creating the container as an available option, when I select it, the sso app seems to crash and the container authentication options screen just reloads and I never get the option to enter in my credentials. Am I missing anything besides setting up the container config and having the sso app installed on my device?

I get the following in logcat:

06-29 14:43:09.147 12263 12275 W Parcel  : **** enforceInterface() expected 'android.app.enterprise.sso.GenericSSOSupportSolution' but read 'com.samsung.android.knox.sso.serviceprovider.GenericSSOSupportSolution'

 

Below is our code to configure the container:

public void initializeContainerConfiguration() {

   KnoxConfigurationType newConfig = null;

   KnoxConfigurationType predefinedConfiguration = KnoxContainerManager.getConfigurationTypeByName("knox-b2b");
   if (predefinedConfiguration != null) {
      newConfig = predefinedConfiguration.clone(KAST_CUSTOM_CONFIGURATION_NAME); // Clones and assigns a new name
      newConfig.setContainerLayout(KnoxContainerManager.CONTAINER_LAYOUT_TYPE_CLASSIC);

      // Set Enterprise Identity config
      AuthenticationConfig authConfig = new AuthenticationConfig();

      // Set the authenticator package name .Make sure given package already installed on the device
      authConfig.setAuthenticatorPkgName(AuthenticationConfig.SAMSUNG_KERBEROS_AUTHENTICATOR);

      // Set authenticator signature (optional);
      authConfig.setAuthenticatorPkgSignature(null);

      // Show Enterprise Identity option on available lock types.
      authConfig.setHideEnterpriseIdentityLock(false);

      // Enforce Enterprise Identity so that user must choose Enterprise Identity
      //authConfig.setForceEnterpriseIdentityLock(true);

      // Configure authenticator params
      Bundle authBundle = new Bundle();
      authBundle.putString("LIBDEFAULTS_DEFAULT_REALM", myrealm);
      authBundle.putString("FEDERATION_SERVER_URL", myipaddress);
      authConfig.setAuthenticatorConfig(authBundle);

      newConfig.setEnterpriseIdentityAuthentication(authConfig);
      customConfiguration = newConfig;
   } else {
      String failMessage = "Failed to obtain knox-b2b container custom configuration";
      Log.e(LOG_TAG, failMessage);
      Toaster.showToast(Toaster.Toaster_Dial.ERROR, failMessage, Toast.LENGTH_LONG);
   }
}

...

KnoxContainerManager.addConfigurationType(context, customConfiguration);
KnoxContainerManager.createContainer(CustomContainerPolicyManager.KAST_CUSTOM_CONFIGURATION_NAME, mdm_package_name);