I have been trying to connect my android device to an enterprise network programatically over the past few days without any success, I have been following multiple examples online, but most of the ones I find are for EAP(TLS) networks and the one where I work is EAP(PEAP), here is the type of network.
802.1x EAP
EAP method: PEAP
Phase 2 Authentication: MSCHAPV2
the authentication always fails and logcat doesn't indicate me where the problem is I just know it fails when the authentication is being performed.
Here is a copy of my current code and the logs from logcat where it fails:
/****************** CODE ******************************/
public class WPAActivity extends LauncherActivity
{
private static final String TAG = "WPAActivity";
/************* Definitions to find variables ***************************/
private static final String INT_PRIVATE_KEY = "private_key";
private static final String INT_PHASE2 = "phase2";
private static final String INT_PASSWORD = "password";
private static final String INT_IDENTITY = "identity";
private static final String INT_EAP = "eap";
private static final String INT_CLIENT_CERT = "client_cert";
private static final String INT_CA_CERT = "ca_cert";
private static final String INT_ANONYMOUS_IDENTITY = "anonymous_identity";
final String INT_ENTERPRISEFIELD_NAME ="android.net.wifi.WifiConfiguration$EnterpriseField";
/************************************************************************/
/********************************Configuration Strings*********************/
final String ENTERPRISE_EAP = "PEAP";
final String ENTERPRISE_CLIENT_CERT = "";
final String ENTERPRISE_PRIV_KEY = "";
final String ENTERPRISE_PHASE2 = "\"MSCHAPV2\"";
final String ENTERPRISE_ANON_IDENT = "";
final String ENTERPRISE_CA_CERT = "";
final String userName = "\"my Username";
final String passString = "\"my Password\"";
/**************************************************************************/
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState)
{
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
WifiManager wifi = (WifiManager) getSystemService(Context.WIFI_SERVICE);
WifiConfiguration wc = new WifiConfiguration();
wc.SSID = "\"mySSID\"";
wc.preSharedKey = "\"my Password\"";
wc.hiddenSSID = true;
wc.status = WifiConfiguration.Status.ENABLED;
wc.allowedKeyManagement.clear();
wc.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
wc.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
/*Group Ciphers*/
wc.allowedGroupCiphers.clear();
wc.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP);
wc.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.TKIP);
/*Protocols*/
wc.allowedProtocols.clear();
wc.allowedProtocols.set(WifiConfiguration.Protocol.RSN);
wc.allowedProtocols.set(WifiConfiguration.Protocol.WPA);
Class[] enterpriseFieldArray = WifiConfiguration.class.getClasses();
Class<?> enterpriseFieldClass = null;
for(Class<?> myClass : enterpriseFieldArray)
{
if(myClass.getName().equals(INT_ENTERPRISEFIELD_NAME))
{
enterpriseFieldClass = myClass;
break;
}
}
Log.d(TAG, "class chosen " + enterpriseFieldClass.getName() );
Field anonymousId = null, caCert = null, clientCert = null,
eap = null, identity = null, password = null,
phase2 = null, privateKey = null;
Field[] fields = WifiConfiguration.class.getFields();
for (Field tempField : fields)
{
if (tempField.getName().trim().equals(INT_ANONYMOUS_IDENTITY))
{
anonymousId = tempField;
Log.d(TAG, "field " + anonymousId.getName() );
}
else if (tempField.getName().trim().equals(INT_CA_CERT))
{
caCert = tempField;
}
else if (tempField.getName().trim().equals(INT_CA_CERT))
{
}
else if (tempField.getName().trim().equals(INT_CLIENT_CERT))
{
clientCert = tempField;
Log.d(TAG, "field " + clientCert.getName() );
}
else if (tempField.getName().trim().equals(INT_EAP))
{
eap = tempField;
Log.d(TAG, "field " + eap.getName() );
}
else if (tempField.getName().trim().equals(INT_IDENTITY))
{
identity = tempField;
Log.d(TAG, "field " + identity.getName() );
}
else if (tempField.getName().trim().equals(INT_PASSWORD))
{
password = tempField;
Log.d(TAG, "field " + password.getName() );
}
else if (tempField.getName().trim().equals(INT_PHASE2))
{
phase2 = tempField;
Log.d(TAG, "field " + phase2.getName() );
}
else if (tempField.getName().trim().equals(INT_PRIVATE_KEY))
{
privateKey = tempField;
}
}
Method setValue = null;
for(Method m: enterpriseFieldClass.getMethods())
{
if(m.getName().trim().equals("setValue"))
{
Log.d(TAG, "method " + m.getName() );
setValue = m;
break;
}
}
try
{
// EAP
setValue.invoke(eap.get(wc), ENTERPRISE_EAP);
// EAP Phase 2
setValue.invoke(phase2.get(wc), ENTERPRISE_PHASE2);
// EAP Anonymous Id
setValue.invoke(anonymousId.get(wc), ENTERPRISE_ANON_IDENT);
// EAP CA Certificate
setValue.invoke(caCert.get(wc), ENTERPRISE_CA_CERT);
// Private Key
setValue.invoke(privateKey.get(wc), ENTERPRISE_PRIV_KEY);
// EAP Identity
setValue.invoke(identity.get(wc), userName);
// EAP Password
setValue.invoke(password.get(wc), passString);
// EAP Client certificate
setValue.invoke(clientCert.get(wc), ENTERPRISE_CLIENT_CERT);
}
catch (Exception e)
{
}
Log.d("WifiPreference", "2");
int res = wifi.addNetwork(wc);
Log.d("WifiPreference", "add Network returned " + res );
boolean b = wifi.enableNetwork(res, true);
Log.d("WifiPreference", "enableNetwork returned " + b );
}
}
and these are the logs indicating where the connection attempt fails
/************************And here are the logs********************/
02-09 09:23:30.514: I/ActivityManager(2084): Displayed activity com.test.wpa/.WPAActivity: 445 ms (total 445 ms)
02-09 09:23:31.514: I/wpa_supplicant(27633): CTRL-EVENT-SCAN-RESULTS Ready
02-09 09:23:31.514: I/wpa_supplicant(27633): Trying to associate with 00:1c:0f:82:04:e0 (SSID='*****' freq=2437 MHz)
02-09 09:23:31.514: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=-1 state=3
02-09 09:23:31.649: V/WifiMonitor(2084): Event [Trying to associate with 00:1c:0f:82:04:e0 (SSID='*****' freq=2437 MHz)]
02-09 09:23:31.649: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=-1 state=3]
02-09 09:23:31.654: V/WifiStateTracker(2084): Changing supplicant state: SCANNING ==> ASSOCIATING
02-09 09:23:31.654: D/NetworkStateTracker(2084): setDetailed state, old =SCANNING and new state=CONNECTING
02-09 09:23:31.659: D/ConnectivityService(2084): ConnectivityChange for WIFI: CONNECTING/CONNECTING
02-09 09:23:32.621: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=0 state=4
02-09 09:23:32.621: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=0 state=4]
02-09 09:23:32.624: I/wpa_supplicant(27633): Associated with 00:1c:0f:82:04:e0
02-09 09:23:32.624: I/wpa_supplicant(27633): CTRL-EVENT-EAP-STARTED EAP authentication started
02-09 09:23:32.629: V/WifiMonitor(2084): Event [Associated with 00:1c:0f:82:04:e0]
**02-09 09:23:32.629: V/WifiMonitor(2084): Event [CTRL-EVENT-EAP-STARTED EAP authentication started]**
02-09 09:23:32.629: V/WifiStateTracker(2084): Changing supplicant state: ASSOCIATING ==> ASSOCIATED
**02-09 09:23:32.629: D/NetworkStateTracker(2084): setDetailed state, old =CONNECTING and new state=CONNECTING**
**02-09 09:23:32.634: I/wpa_supplicant(27633): CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys**
02-09 09:23:32.644: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=0 state=0
**02-09 09:23:32.644: V/WifiMonitor(2084): Event [CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys]**
02-09 09:23:32.644: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=0 state=0]
I couldn’t find examples online about EAP (PEAP) authentication programmatically, I have tried changing the WiFi configuration with no success. Any Ideas or helpful sites/examples on how to connect to a Enterprise network EAP (PEAP), or can someone point me in the right direction?
On your Android device, go to Settings, then tap Wireless & networks, then Wi-Fi settings. Tap eduroam. Make sure that for EAP method, PEAP is selected. Tap Phase 2 authentication, and then select MSCHAPV2.
PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server.
I'm trying to connect company's eap wifi in my programm.
PreCondition:
1.let the IT staff add your device's mac address to network configuration.
2.my network configuration:
EAP method:PEAP
Phase2MethodVerify:NULL
CACertificateVerify:NULL
Identity:""
Password:""
Fisrt,I added some log in setting,in this way i know what happened when i click wifi submit button.
It prints like this:
* ID: -1 SSID: "SSID" PROVIDER-NAME: null BSSID: null FQDN: null PRIO: 0 HIDDEN: false
NetworkSelectionStatus NETWORK_SELECTION_ENABLED
hasEverConnected: false
KeyMgmt: WPA_EAP IEEE8021X Protocols:
AuthAlgorithms:
PairwiseCiphers:
GroupCiphers:
PSK:
Enterprise config:
password <removed>
ca_path NULL
engine 0
proactive_key_caching 1
client_cert NULL
anonymous_identity NULL
ca_cert NULL
identity "name"
domain_suffix_match NULL
key_id NULL
engine_id NULL
IP config:
IP assignment: DHCP
Proxy settings: NONE
cuid=-1 luid=-1 lcuid=0 userApproved=USER_UNSPECIFIED noInternetAccessExpected=false isCarrierNetwork=false roamingFailureBlackListTimeMilli: 1000
triggeredLow: 0 triggeredBad: 0 triggeredNotHigh: 0
ticksLow: 0 ticksBad: 0 ticksNotHigh: 0
triggeredJoin: 0
and my config in code is :
config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
config.enterpriseConfig.setEapMethod(WifiEnterpriseConfig.Eap.PEAP);
config.enterpriseConfig.setPhase2Method(WifiEnterpriseConfig.Phase2.NONE);
config.enterpriseConfig.setCaCertificate(null);
config.enterpriseConfig.setAnonymousIdentity(null);
config.enterpriseConfig.setDomainSuffixMatch(null);
String ssid = "";
String psw = "";
config.enterpriseConfig.setIdentity(ssid);
config.enterpriseConfig.setPassword(psw);
And it print like this:
* ID: -1 SSID: "SSID" PROVIDER-NAME: null BSSID: null FQDN: null PRIO: 0 HIDDEN: false
NetworkSelectionStatus NETWORK_SELECTION_ENABLED
hasEverConnected: false
KeyMgmt: WPA_EAP IEEE8021X Protocols:
AuthAlgorithms:
PairwiseCiphers:
GroupCiphers:
PSK:
Enterprise config:
anonymous_identity NULL
password <removed>
identity "name"
domain_suffix_match NULL
proactive_key_caching 1
IP config:
IP assignment: UNASSIGNED
Proxy settings: UNASSIGNED
cuid=-1 luid=-1 lcuid=0 userApproved=USER_UNSPECIFIED noInternetAccessExpected=false isCarrierNetwork=false roamingFailureBlackListTimeMilli: 1000
triggeredLow: 0 triggeredBad: 0 triggeredNotHigh: 0
ticksLow: 0 ticksBad: 0 ticksNotHigh: 0
triggeredJoin: 0
Finally,it works~
Finally, I've defeated my CiSCO EAP-FAST corporate wifi network, and all our Android devices are now able to connect to it.
The walk-around I've performed in order to gain access to this kind of networks from an Android device are easiest than you can imagine.
There's a Wifi Config Editor in the Google Play Store you can use to "activate" the secondary CISCO Protocols when you are setting up a EAP wifi connection.
Its name is Wifi Config Advanced Editor.
First, you have to setup your wireless network manually as close as you can to your "official" corporate wifi parameters.
Save it.
Go to the WCE and edit the parameters of the network you have created in the previous step.
There are 3 or 4 series of settings you should activate in order to force the Android device to use them as a way to connect (the main site I think you want to visit is Enterprise Configuration, but don't forget to check all the parameters to change them if needed.
As a suggestion, even if you have a WPA2 EAP-FAST Cipher, try LEAP in your setup. It worked for me as a charm.
When you finished to edit the config, go to the main Android wifi controller, and force to connect to this network.
Do not Edit the network again with the Android wifi interface.
I have tested it on Samsung Galaxy 1 and 2, Note mobile devices, and on a Lenovo Thinkpad Tablet.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With