ISV VPN client app requirements for communicating with the Knox SDK
Environment
- Knox Platform for Enterprise
- Knox VPN framework in the Knox SDK
- Samsung Knox Developer access
- VPN client developed by an independent software vendor (ISV)
Overview
With Knox Platform for Enterprise, ISVs can implement the Knox VPN Framework by connecting their VPN client app to the Knox SDK. This article provides information on how to achieve such an implementation and thus ensure a successful connection.
How to configure a VPN client app to communicate with Knox SDK
In the implementation of your VPN client app, it’s important to follow the proper configuration for establishing communication between a VPN client and MDM application.
In the following code samples we provide:
- Insert an intent filter for the Knox VPN into your app’s
AppManifest.xmlfile:
<service
android:name="BaseKnoxSettingsVpnService"
android:exported="false">
<intent-filter>
<action android:name="com.samsung.myapplication.BIND_SERVICE_NEW" />
</intent-filter>
</service>
- In the app itself, create a VPN service for Knox based on the
Serviceclass and bind the intent. Provided is a generic implementation with connection and certificate methods:
public class BaseKnoxSettingsVpnService extends Service {
public static String TAG = "BaseKnoxSettingsVpnService";
public BaseKnoxSettingsVpnService() {
}
@Override
public IBinder onBind(Intent intent) {
Log.v(TAG, "intent action value is " + intent.getAction());
return mIKnoxVpnService;
}
private final IKnoxVpnService.Stub mIKnoxVpnService = new IKnoxVpnService.Stub() {
public int createConnection(String jsonProfile) throws RemoteException {
return 0;
}
public int removeConnection(String profileName) throws RemoteException {
return 0;
}
public boolean setUserCertificate(String profileName, byte[] pkcs12Blob, String password) throws RemoteException {
return true;
}
public boolean setCACertificate(String profileName, byte[] blob) throws RemoteException {
return true;
}
public int startConnection(String profileName) throws RemoteException {
return 0;
}
public int stopConnection(String profileName) throws RemoteException {
return 0;
}
public int getState(String profileName) throws RemoteException {
return 0;
}
public int getVpnModeOfOperation(String profileName) throws RemoteException {
return 0;
}
@Override
public boolean setServerCertValidationUserAcceptanceCriteria(String profileName, boolean enableValidation, List condition, int frequency) throws RemoteException {
return true;
}
public int setVpnModeOfOperation(String profileName, int vpnMode) throws RemoteException {
return 0;
}
public boolean setAutoRetryOnConnectionError(String profileName, boolean enable) throws RemoteException {
return true;
}
public String getConnection(String profileName) throws RemoteException {
Log.v(TAG, "getConnection");
return null;
}
public List getAllConnections() throws RemoteException {
Log.v(TAG, "getAllConnections");
return null;
}
public String getErrorString(String profileName) throws RemoteException {
Log.v(TAG, "getErrorString");
return null;
}
};
}
-
Create a folder structure to store the IknoxVpnServiceAIDL file in
main/aidl/com/Samsung/android/knox/net/vpn/serviceprovider.
How to test communication between your VPN client app and the Knox SDK
After your app is deployed, to test if communication has been successfully established:
-
On the Knox Partner Program console, click Knox Developers.
-
Under SDK Tools, click Sample Apps.
-
Download the VPN Policy sample app.
-
Change the default value of VPN_PACKAGE_NAME to the name of your application package:
[String VPN_PACKAGE_NAME = "com.example.samplevpnclient"]
-
Connect your VPN client and Knox SDK through the IknoxVpnService AIDL. If a connection is established between them, the VPN Policy app shows the message VPN operation successful.
Additional information
-
For more information about Knox SDK, refer to the Knox SDK API reference.
-
For more information about the IKnoxVpnService AIDL and its API, refer to the IKnoxVpnService AIDL file description.
On this page
Is this page helpful?