public class AuthenticationConfig extends Object implements Parcelable

java.lang.Object
   ↳ com.samsung.android.knox.container.AuthenticationConfig

Class Overview

This class contains all the configuration information related to authenticating a user based on their enterprise identity. An admin can use this class to configure the lock type using the user's enterprise identity information. The class contains details including the identity server configuration and the enterprise identity option enforcement specifications. For usage, refer to com.samsung.android.knox.container.BasePasswordPolicy#setEnterpriseIdentityAuthentication(AuthenticationConfig).

Since
API level 15
MDM 5.4

Summary

Nested Classes
class AuthenticationConfig.AuthenticationRequestKeys This class contains a set of string constants which serve as keys to provide the parameters needed to authenticate users. 
Constants
int ERROR_AUTHENTICATOR_PACKAGE_NOT_INSTALLED The enterprise identity authenticator package is not installed.
int ERROR_AUTHENTICATOR_SIGNATURE_MISMATCH The signature of the authenticator provided does not match that of the authenticator installed on the device.
int ERROR_INTERNAL_FAIL Unable to complete request due to internal failure.
int ERROR_INVALID_INPUT Received invalid input.
int ERROR_USER_NOT_AUTHORIZED The caller doesn't have enough permission or privilege to perform the request.
String SAMSUNG_KERBEROS_AUTHENTICATOR Package name of the Samsung Kerberos authenticator.
int SUCCESS Return value upon success.
Inherited Constants
From interface android.os.Parcelable
Public Constructors
AuthenticationConfig(boolean enforceRemoteAuthAlways, boolean enforceEnterpriseIdentityLock, boolean hideEnterpriseIdentityLock, String authenticatorPkgName, String authenticatorPkgSignature, Bundle authenticatorConfig)
Constructor with parameters for AuthenticationConfig
AuthenticationConfig()
Constructor to create Enterprise Identity object with default values
Public Methods
Bundle getAuthenticatorConfig()
API to get Enterprise Identity configuration
String getAuthenticatorPkgName()
API to get Enterprise Identity authenticator package name.
String getAuthenticatorPkgSignature()
API to get Enterprise Identity authenticator package signature.
boolean getEnforceEnterpriseIdentityLock()
API to get the current enforcement state of enterprise identity lock.
boolean getEnforceRemoteAuthAlways()
API to get the type of Enterprise Identity authentication that has been currently configured.
boolean getHideEnterpriseIdentityLock()
API to get the current UI state of enterprise identity.
void setAuthenticatorConfig(Bundle authenticatorConfig)
API to set Enterprise Identity configuration.
void setAuthenticatorPkgName(String authenticatorPkgName)
API to set Enterprise Identity authenticator package name.
void setAuthenticatorPkgSignature(String authenticatorPkgSignature)
API to set Enterprise Identity authenticator package signature
void setEnforceRemoteAuthAlways(boolean enforceRemoteAuthAlways)
API to set flag to indicate every unlock request must wait for remote (network) authentication response.
void setForceEnterpriseIdentityLock(boolean enforceEnterpriseIdentityLock)
API to set the state of enterprise identity enforcement.
void setHideEnterpriseIdentityLock(boolean hideEnterpriseIdentityLock)
API to set the UI state of enterprise identity.
Inherited Methods
From class java.lang.Object
From interface android.os.Parcelable

Constants

public static final int ERROR_AUTHENTICATOR_PACKAGE_NOT_INSTALLED

Since: Knox API Level 15

The enterprise identity authenticator package is not installed.

Since
API level 15
MDM 5.4
Constant Value: -4 (0xfffffffc)

public static final int ERROR_AUTHENTICATOR_SIGNATURE_MISMATCH

Since: Knox API Level 15

The signature of the authenticator provided does not match that of the authenticator installed on the device.

Since
API level 15
MDM 5.4
Constant Value: -13 (0xfffffff3)

public static final int ERROR_INTERNAL_FAIL

Since: Knox API Level 15

Unable to complete request due to internal failure.

Since
API level 15
MDM 5.4
Constant Value: -1 (0xffffffff)

public static final int ERROR_INVALID_INPUT

Since: Knox API Level 15

Received invalid input.

Since
API level 15
MDM 5.4
Constant Value: -3 (0xfffffffd)

public static final int ERROR_USER_NOT_AUTHORIZED

Since: Knox API Level 15

The caller doesn't have enough permission or privilege to perform the request.

Since
API level 15
MDM 5.4
Constant Value: -2 (0xfffffffe)

public static final String SAMSUNG_KERBEROS_AUTHENTICATOR

Since: Knox API Level 15

Package name of the Samsung Kerberos authenticator.

Since
API level 15
MDM 5.4
Constant Value: "com.sec.android.service.singlesignon"

public static final int SUCCESS

Since: Knox API Level 15

Return value upon success.

Since
API level 15
MDM 5.4
Constant Value: 0 (0x00000000)

Public Constructors

public AuthenticationConfig (boolean enforceRemoteAuthAlways, boolean enforceEnterpriseIdentityLock, boolean hideEnterpriseIdentityLock, String authenticatorPkgName, String authenticatorPkgSignature, Bundle authenticatorConfig)

Since: Knox API Level 15

Constructor with parameters for AuthenticationConfig

Parameters
enforceRemoteAuthAlways Flag to indicate that every authentication request by the user must be completed by the network (remote) server and not by local verification. The admin should note that if the value is set to true and the remote authentication server is unreachable (due to network failure, a busy server, etc.), the user will not be able to log in to the container.
enforceEnterpriseIdentityLock Flag to indicate whether the Enterprise Identity lock needs to be enforced on the device. Setting this flag enforces authentication using the enterprise ID alone and disables the other lock type options (such as PIN/Password/etc.). The default value of this flag is false, i.e., by default, enterprise ID is not enforced.
hideEnterpriseIdentityLock Flag to indicate whether the Enterprise Identity lock option needs to be hidden in the list of lock type options. If set to false, enterprise identity will be shown as one of the options available to the user for unlocking the container. The default value of this flag is false, i.e., by default, enterprise ID is shown in the list of options to the user if the authenticator package is installed.
authenticatorPkgName Package name of the authenticator. The Kerberos authenticator package name can be obtained from the SAMSUNG_KERBEROS_AUTHENTICATOR constant.
authenticatorPkgSignature Signature of the authenticator package. The signature value is optional; when included, it provides a signature-level security check. If the signature value is not present, the check is ignored.
authenticatorConfig Bundle containing the configuration values needed to authenticate users. These include server URL, domain URL, authentication lifetime, etc. The keys for the bundle can be derived from the AuthenticationConfig.AuthenticationRequestKeys class.
Usage
An administrator can use this constructor to create an AuthenticationConfig object.
Since
API level 15
MDM 5.4
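
The parameter notes above carry three security-relevant defaults: a missing signature disables the signature check, a missing package name falls back to SAMSUNG_KERBEROS_AUTHENTICATOR, and mandatory remote authentication blocks unlock when the server is unreachable. The following pre-flight review of a config is an added example, not code from the Knox SDK; the class AuthenticationConfigAudit and its method are hypothetical names, and only getters and constants listed on this page are used.

```java
import android.os.Bundle;
import com.samsung.android.knox.container.AuthenticationConfig;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not part of the Knox SDK): reviews a config before it is applied. */
public final class AuthenticationConfigAudit {

    /** Returns human-readable findings; an empty list means nothing was flagged. */
    public static List<String> audit(AuthenticationConfig cfg) {
        List<String> findings = new ArrayList<>();

        String pkg = cfg.getAuthenticatorPkgName();
        if (pkg == null || pkg.isEmpty()) {
            // Documented fallback: the Samsung Kerberos authenticator is used when no name is given.
            findings.add("No authenticator package set; default "
                    + AuthenticationConfig.SAMSUNG_KERBEROS_AUTHENTICATOR + " will be used.");
        }

        String sig = cfg.getAuthenticatorPkgSignature();
        if (sig == null || sig.isEmpty()) {
            // Documented behaviour: the signature check is ignored when no value is present.
            findings.add("No authenticator signature set; the installed package is not signature-checked.");
        }

        if (cfg.getEnforceRemoteAuthAlways()) {
            // Documented behaviour: the user cannot log in while the identity server is unreachable.
            findings.add("Remote authentication is mandatory; users cannot unlock the container offline.");
        }

        if (cfg.getEnforceEnterpriseIdentityLock() && cfg.getHideEnterpriseIdentityLock()) {
            // Assumption: the page does not say which flag takes precedence, so flag it for review.
            findings.add("Enterprise identity lock is both enforced and hidden; review the intended state.");
        }

        Bundle authConfig = cfg.getAuthenticatorConfig();
        if (authConfig == null || authConfig.isEmpty()) {
            // Documented default: the bundle is null unless setAuthenticatorConfig() was called.
            findings.add("Authenticator configuration bundle is missing or empty.");
        }
        return findings;
    }
}
```

Run on a config built with the default constructor, this reports the missing package name, signature and configuration bundle, since the page gives null as the default for all three.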

public AuthenticationConfig ()

Since: Knox API Level 15

Constructor to create Enterprise Identity object with default values

Usage
An administrator can use this constructor to create Enterprise Identity object with default values.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 
Since
API level 15
MDM 5.4

Public Methods

public Bundle getAuthenticatorConfig ()

Since: Knox API Level 15

API to get Enterprise Identity configuration

Returns
  • Configuration information needed to perform authentication.
Usage
An administrator can use this API to get the Enterprise Identity configuration.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 Bundle authenticatorConfig = mConfig.getAuthenticatorConfig();
 
Since
API level 15
MDM 5.4

public String getAuthenticatorPkgName ()

Since: Knox API Level 15

API to get Enterprise Identity authenticator package name.

Returns
  • package name of the authenticator.
Usage
An administrator can use this API to get the Enterprise Identity authenticator package name.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 String authenticatorPkgName = mConfig.getAuthenticatorPkgName();
 
Since
API level 15
MDM 5.4

public String getAuthenticatorPkgSignature ()

Since: Knox API Level 15

API to get Enterprise Identity authenticator package signature.

Returns
  • Signature of the authenticator package in the form of a string.
Usage
An administrator can use this API to get the Enterprise Identity authenticator package signature.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 String authenticatorPkgSignature = mConfig.getAuthenticatorPkgSignature();
 
Since
API level 15
MDM 5.4

public boolean getEnforceEnterpriseIdentityLock ()

Since: Knox API Level 15

API to get the current enforcement state of enterprise identity lock.

Returns
  • true if Enterprise Identity lock option is enforced, else false.
Usage
An administrator can use this API to get the current enforcement state of the enterprise identity lock.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 boolean enforceEnterpriseIdentityLock = mConfig.getEnforceEnterpriseIdentityLock();
 
Since
API level 15
MDM 5.4

public boolean getEnforceRemoteAuthAlways ()

Since: Knox API Level 15

API to get the type of Enterprise Identity authentication that has been currently configured.

Returns
  • true if every unlock attempt must wait for remote (network) authentication response before unlock, else false.
Usage
An administrator can use this API to get the type of Enterprise Identity authentication that is currently configured.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 boolean enforceRemoteAuthAlways = mConfig.getEnforceRemoteAuthAlways();
 
Since
API level 15
MDM 5.4

public boolean getHideEnterpriseIdentityLock ()

Since: Knox API Level 15

API to get the current UI state of enterprise identity.

Returns
  • true if the Enterprise Identity lock option is hidden from user access; false if the Enterprise Identity lock option is not hidden and is available among the lock types.
Usage
An administrator can use this API to get the current UI state of enterprise identity.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 boolean hideEnterpriseIdentityLock = mConfig.getHideEnterpriseIdentityLock();
 
Since
API level 15
MDM 5.4

public void setAuthenticatorConfig (Bundle authenticatorConfig)

Since: Knox API Level 15

API to set Enterprise Identity configuration.

Parameters
authenticatorConfig Bundle containing the configuration values needed to authenticate users. These include server URL, domain URL, authentication lifetime etc. The keys for the bundle can be derived from the AuthenticationConfig.AuthenticationRequestKeys class.
Usage
An administrator can use this API to set the Enterprise Identity configuration. The default value is null if the API is not called.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 Bundle authBundle  = new Bundle();
 authBundle.putString ("LIBDEFAULTS_DEFAULT_REALM", "SISOIDP.IN");
 authBundle.putString ("FEDERATION_SERVER_URL", "idpsrv.sisoidp.in");
 mConfig.setAuthenticatorConfig(authBundle);
 
Since
API level 15
MDM 5.4

public void setAuthenticatorPkgName (String authenticatorPkgName)

Since: Knox API Level 15

API to set Enterprise Identity authenticator package name.

Parameters
authenticatorPkgName package name of the authenticator.
Usage
An administrator can use this API to set the Enterprise Identity authenticator package name. The default package name is null if the method is not called. The SAMSUNG_KERBEROS_AUTHENTICATOR will be used as the default authenticator for enterprise identity authentication if no package name is provided.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 mConfig.setAuthenticatorPkgName("com.samsung.android.testapp");
 
Since
API level 15
MDM 5.4

public void setAuthenticatorPkgSignature (String authenticatorPkgSignature)

Since: Knox API Level 15

API to set Enterprise Identity authenticator package signature

Parameters
authenticatorPkgSignature Signature of the authenticator package.
Usage
An administrator can use this API to set the Enterprise Identity authenticator package signature. The default value is null if the method is not called.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 // Signature value split across two literals for readability
 String mSignature = "3082035430820312a003020102020458491787300b06072a8648ce3804030500307c310b3009060"
         + "35504061302494e31123010060355040813094b61726e6174616b61311230100603550407130942";
 mConfig.setAuthenticatorPkgSignature(mSignature);
 
Since
API level 15
MDM 5.4

public void setEnforceRemoteAuthAlways (boolean enforceRemoteAuthAlways)

Since: Knox API Level 15

API to set flag to indicate every unlock request must wait for remote (network) authentication response.

Parameters
enforceRemoteAuthAlways Boolean value indicating whether every unlock attempt must wait for a remote (network) authentication response; otherwise, local (on-device) authentication is sufficient to unlock.
Usage
An administrator can use this API to set the flag indicating that every unlock request must wait for a remote (network) authentication response. The default value is false, i.e., the system will rely on a local credential check and log the user in if it succeeds (a network check will be passively performed if the network is available). The admin should be aware that the user can't unlock if the value is set to true and the device can't contact the Enterprise Identity server (due to no network, server down/busy, etc.).
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 mConfig.setEnforceRemoteAuthAlways(true);
 
Since
API level 15
MDM 5.4

public void setForceEnterpriseIdentityLock (boolean enforceEnterpriseIdentityLock)

Since: Knox API Level 15

API to set the state of enterprise identity enforcement.

Parameters
enforceEnterpriseIdentityLock Boolean value to enforce the usage of enterprise identity as the only option.
Usage
An administrator can use this API to set the state of enterprise identity enforcement. If it is set to true, the enterprise identity lock option will be the only option available as a lock type to users, and all other options (PIN/Password etc.) will be unavailable. The default value is false if this API is not called.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 mConfig.setForceEnterpriseIdentityLock(true);
 
Since
API level 15
MDM 5.4

public void setHideEnterpriseIdentityLock (boolean hideEnterpriseIdentityLock)

Since: Knox API Level 15

API to set the UI state of enterprise identity.

Parameters
hideEnterpriseIdentityLock Boolean value controlling whether the enterprise identity option is hidden in the list of lock types: true to hide it, false to show it.
Usage
An administrator can use this API to set the UI state of enterprise identity. If it is set to false, the enterprise identity lock option is shown as part of the available lock types and the user is allowed to set enterprise identity as the lock type. The default value is false if this API is not called.
Since
API level 15
MDM 5.4