Supported Wi-Fi Configurations
ArborXR offers Wi-Fi configuration functionality where users can create and configure a library of Wi-Fi networks, then remotely provision configurations to devices to remotely connect them to new networks. Below are details on the supported security types, certificates, and proxies.
Security
- Open
- Open (Unsecured)
- This type has no further settings.
- OWE (Opportunistic Wireless Encryption)
- Only supported by devices that run Android 10 (or later) and are certified as "Wi-Fi Certified Enhanced Open".
- This type has no further settings.
- Open (Unsecured)
- Personal
- WPA/WPA2
- Technical name is PSK (Pre-Shared Key).
- This is either WPA-Personal (WPA-PSK) or WPA2-Personal (WPA2-PSK).
- Password: String 8 to 63 characters.
- WPA3
- Only supported by devices that run Android 10 (or later) and specifically advertise support for this.
- Technical name is SAE.
- Also called WPA3-Personal (WPA3-PSK).
- Password: String of 1 to 63 characters.
- WPA/WPA2
- Enterprise
- WPA/WPA2
- Technical name is EAP.
- This is either WPA-Enterprise or WPA2-Enterprise.
- EAP Method, one of:
- PEAP (Protected Extensible Authentication Protocol, also called "Protected EAP")
- Phase2 Method, one of:
- MSCHAPv2 (Microsoft's Challenge Handshake Authentication Protocol version 2)
- Identity: String
- Password: String
- GTC (Generic Token Card)
- Identity: String
- Password: String
- MSCHAPv2 (Microsoft's Challenge Handshake Authentication Protocol version 2)
- CA Certificate: X.509 certificate (see below section for details)
- OCSP stapling: See below section for details.
- Domain: String
- Anonymous Identity: String
- Phase2 Method, one of:
- TLS (Transport Layer Security)
- (Optional) User Certificate: X.509 certificate (see below section for details)
- CA Certificate: X.509 certificate (see below section for details)
- OCSP stapling: See below section for details.
- Domain: String
- Identity: String
- TTLS (Tunneled Transport Layer Security)
- Phase2 Method, one of:
- PAP (Password Authentication Protocol)
- MSCHAP (Microsoft's Challenge Handshake Authentication Protocol version 1)
- MSCHAPv2 (Microsoft's Challenge Handshake Authentication Protocol version 2)
- GTC (Generic Token Card)
- CA Certificate: X.509 certificate (see below section for details)
- OCSP stapling: See below section for details.
- Domain: String
- Identity: String
- Anonymous Identity: String
- Password: String
- Phase2 Method, one of:
- PWD (Password)
- Identity: String
- Password: String
- PEAP (Protected Extensible Authentication Protocol, also called "Protected EAP")
- WPA3-Enterprise
- Only supported by devices that run Android 10 (or later) and specifically advertise support for this.
- Technical name is EAP Suite-B.
- Settings: Except for more supported authentication methods, this is the same as EAP-TLS. However, the user certificate is required.
- WPA/WPA2
Certificates
Some of the enterprise WPA3 (i.e. EAP) methods require the use of (CA or user) certificates.
Certificates must be an X.509 certificate in Base64-encoded DER format (i.e. PEM) representation of a certificate without header, footer and line breaks. More information can be found in RFC 7468.
Instead of specifying a CA certificate, the device's system certificates can be used.
OCSP (Online Certificate Status Protocol) Stapling
Some of the enterprise WPA3 (i.e. EAP) methods require the use of a CA certificate, and thus require setting whether (and how) to check the revocation status of the certificate.
- Only supported by devices that run Android 11 (or later). This setting is ignored on devices running earlier version of Android.
- Formally known as the "TLS Certificate Status Request" extension.
- Enum, one of:
- None (Don't staple)
- Request Status (Try to staple, but don't require a response)
- Require Status (Require a valid response)
- Require All non-trusted status (Require a valid response for all non-trusted certificates in the server certificate chain)
Proxy
Only supported by devices that run Android 8.0 (or later).
- Static
- Host name: String
- Port number: Integer from 0 to 65535
- (Optional) List of hosts to bypass: String list
- Can include wildcards, e.g.
*.example.com, *.google.com
- Can include wildcards, e.g.
- PAC (Proxy Auto-Config)
- URL that points to a "PAC file": The file contains a JavaScript function
FindProxyForURL(url, host)
to dynamically decide whether to connect via a particular proxy server, or directly
- URL that points to a "PAC file": The file contains a JavaScript function