ISV VPN client app requirements for communicating with the Knox SDK

Environment

  • Knox Platform for Enterprise
  • Knox VPN framework in the Knox SDK
  • Samsung Knox Developer access
  • VPN client developed by an independent software vendor (ISV)

Overview

With Knox Platform for Enterprise, ISVs can implement the Knox VPN Framework by connecting their VPN client app to the Knox SDK. This article provides information on how to achieve such an implementation and thus ensure a successful connection.

How to configure a VPN client app to communicate with Knox SDK

When implementing your VPN client app, follow the configuration below so that the VPN client and the MDM application can communicate.

Complete the following steps, using the code samples provided:

  1. Insert an intent filter for the Knox VPN into your app’s AppManifest.xml file:
<service
    android:name="BaseKnoxSettingsVpnService"
    android:exported="false">
    <intent-filter>
        <action android:name="com.samsung.myapplication.BIND_SERVICE_NEW" />
    </intent-filter>
</service>
  2. In the app itself, create a VPN service for Knox based on the Service class and bind the intent. Provided is a generic implementation with connection and certificate methods:
import android.app.Service;
import android.content.Intent;
import android.os.IBinder;
import android.os.RemoteException;
import android.util.Log;

import com.samsung.android.knox.net.vpn.serviceprovider.IKnoxVpnService;

import java.util.List;

public class BaseKnoxSettingsVpnService extends Service {
    public static final String TAG = "BaseKnoxSettingsVpnService";

    public BaseKnoxSettingsVpnService() {
    }

    // Called when a client binds with the action declared in the manifest intent filter.
    @Override
    public IBinder onBind(Intent intent) {
        Log.v(TAG, "intent action value is " + intent.getAction());
        return mIKnoxVpnService;
    }

    // Binder stub generated from the IKnoxVpnService AIDL file.
    // Every method below returns a placeholder value; replace each body with your client's logic.
    private final IKnoxVpnService.Stub mIKnoxVpnService = new IKnoxVpnService.Stub() {
        // Connection profile management.
        public int createConnection(String jsonProfile) throws RemoteException {
            return 0;
        }

        public int removeConnection(String profileName) throws RemoteException {
            return 0;
        }

        // Certificate provisioning for a profile.
        public boolean setUserCertificate(String profileName, byte[] pkcs12Blob, String password) throws RemoteException {
            return true;
        }

        public boolean setCACertificate(String profileName, byte[] blob) throws RemoteException {
            return true;
        }

        // Connection control and state.
        public int startConnection(String profileName) throws RemoteException {
            return 0;
        }

        public int stopConnection(String profileName) throws RemoteException {
            return 0;
        }

        public int getState(String profileName) throws RemoteException {
            return 0;
        }

        public int getVpnModeOfOperation(String profileName) throws RemoteException {
            return 0;
        }

        @Override
        public boolean setServerCertValidationUserAcceptanceCriteria(String profileName, boolean enableValidation, List condition, int frequency) throws RemoteException {
            return true;
        }

        public int setVpnModeOfOperation(String profileName, int vpnMode) throws RemoteException {
            return 0;
        }

        public boolean setAutoRetryOnConnectionError(String profileName, boolean enable) throws RemoteException {
            return true;
        }

        // Profile queries.
        public String getConnection(String profileName) throws RemoteException {
            Log.v(TAG, "getConnection");
            return null;
        }

        public List getAllConnections() throws RemoteException {
            Log.v(TAG, "getAllConnections");
            return null;
        }

        public String getErrorString(String profileName) throws RemoteException {
            Log.v(TAG, "getErrorString");
            return null;
        }
    };
}
  3. Create a folder structure to store the IKnoxVpnService AIDL file in main/aidl/com/samsung/android/knox/net/vpn/serviceprovider.

    Figure: IKnoxVpnService AIDL file location
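The generic setUserCertificate stub in step 2 returns true without inspecting pkcs12Blob. The following is an added example, not part of the Knox SDK or the sample above, of a check a real implementation could run before reporting success. The class name Pkcs12Check and the method isUsableUserCertificate are hypothetical, and treating a true return value as "certificate accepted" is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added example: hypothetical helper, not part of the Knox SDK.
public final class Pkcs12Check {
    private Pkcs12Check() {}

    /** True only if the blob decrypts and holds a private key whose X.509 leaf is currently valid. */
    public static boolean isUsableUserCertificate(byte[] pkcs12Blob, String password) {
        if (pkcs12Blob == null || pkcs12Blob.length == 0 || password == null) {
            return false;
        }
        char[] pw = password.toCharArray();
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            // Throws on a wrong password or malformed data.
            ks.load(new ByteArrayInputStream(pkcs12Blob), pw);
            for (String alias : Collections.list(ks.aliases())) {
                Certificate[] chain = ks.getCertificateChain(alias);
                if (ks.isKeyEntry(alias) && chain != null && chain.length > 0
                        && chain[0] instanceof X509Certificate) {
                    // Throws if the leaf is expired or not yet valid, which rejects the blob.
                    ((X509Certificate) chain[0]).checkValidity();
                    return true;
                }
            }
            return false; // Parsed, but no private key entry to authenticate with.
        } catch (Exception e) {
            return false; // Do not log the blob or the password here.
        } finally {
            Arrays.fill(pw, '\0'); // Wipe the local copy of the password.
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: garbage bytes, and a well-formed PKCS#12 store with no entries.
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, "pw".toCharArray());
        System.out.println(isUsableUserCertificate(new byte[] {1, 2, 3}, "pw"));
        System.out.println(isUsableUserCertificate(out.toByteArray(), "pw"));
    }
}
```

Inside the service, setUserCertificate could call this helper and return false when it fails, so that a malformed or expired certificate is not reported to the caller as installed.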

How to test communication between your VPN client app and the Knox SDK

After your app is deployed, to test if communication has been successfully established:

  1. On the Knox Partner Program console, click Knox Developers.

  2. Under SDK Tools, click Sample Apps.

  3. Download the VPN Policy sample app.

  4. Change the default value of VPN_PACKAGE_NAME to the name of your application package:

String VPN_PACKAGE_NAME = "com.example.samplevpnclient";

  5. Install the VPN Policy sample app on a device.

  6. Connect your VPN client and Knox SDK through the IKnoxVpnService AIDL. If a connection is established between them, the VPN Policy app shows the message "VPN operation successful".
