public class

AuthenticationConfig

extends Object
implements Parcelable
java.lang.Object
   ↳ com.samsung.android.knox.container.AuthenticationConfig

Deprecated in API level 33

Class Overview

This class contains all the configuration information related authenticating a user based on his/her enterprise identity. An admin can use this class to configure lock type using the user's enterprise identity information. The class contains details including identity server configuration and enterprise identity option enforcement specifications. For usage, refer com.samsung.android.knox.container.BasePasswordPolicy#setEnterpriseIdentityAuthentication(AuthenticationConfig).

Since
API level 15
MDM 5.4

Summary

Nested Classes
class AuthenticationConfig.AuthenticationRequestKeys Deprecated in API level 33  
Constants
int ERROR_AUTHENTICATOR_PACKAGE_NOT_INSTALLED Deprecated in API level 33
int ERROR_AUTHENTICATOR_SIGNATURE_MISMATCH Deprecated in API level 33
int ERROR_INTERNAL_FAIL Deprecated in API level 33
int ERROR_INVALID_INPUT Deprecated in API level 33
int ERROR_USER_NOT_AUTHORIZED Deprecated in API level 33
String SAMSUNG_KERBEROS_AUTHENTICATOR Deprecated in API level 33
int SUCCESS Deprecated in API level 33
[Expand]
Inherited Constants
From interface android.os.Parcelable
Public Constructors
AuthenticationConfig(boolean enforceRemoteAuthAlways, boolean enforceEnterpriseIdentityLock, boolean hideEnterpriseIdentityLock, String authenticatorPkgName, String authenticatorPkgSignature, Bundle authenticatorConfig)
Deprecated in API level 33
AuthenticationConfig()
Deprecated in API level 33
Public Methods
Bundle getAuthenticatorConfig()
Deprecated in API level 33
String getAuthenticatorPkgName()
Deprecated in API level 33
String getAuthenticatorPkgSignature()
Deprecated in API level 33
boolean getEnforceEnterpriseIdentityLock()
Deprecated in API level 33
boolean getEnforceRemoteAuthAlways()
Deprecated in API level 33
boolean getHideEnterpriseIdentityLock()
Deprecated in API level 33
void setAuthenticatorConfig(Bundle authenticatorConfig)
Deprecated in API level 33
void setAuthenticatorPkgName(String authenticatorPkgName)
Deprecated in API level 33
void setAuthenticatorPkgSignature(String authenticatorPkgSignature)
Deprecated in API level 33
void setEnforceRemoteAuthAlways(boolean enforceRemoteAuthAlways)
Deprecated in API level 33
void setForceEnterpriseIdentityLock(boolean enforceEnterpriseIdentityLock)
Deprecated in API level 33
void setHideEnterpriseIdentityLock(boolean hideEnterpriseIdentityLock)
Deprecated in API level 33
[Expand]
Inherited Methods
From class java.lang.Object
From interface android.os.Parcelable

Constants

public static final int ERROR_AUTHENTICATOR_PACKAGE_NOT_INSTALLED

Since: API level 15

Deprecated in API level 33

The enterprise identity authenticator package is not installed.

Since
API level 15
MDM 5.4
Constant Value: -4 (0xfffffffc)

public static final int ERROR_AUTHENTICATOR_SIGNATURE_MISMATCH

Since: API level 15

Deprecated in API level 33

The signature of the authenticator provided does not match that of the authenticator installed on the device.

Since
API level 15
MDM 5.4
Constant Value: -13 (0xfffffff3)

public static final int ERROR_INTERNAL_FAIL

Since: API level 15

Deprecated in API level 33

Unable to complete request due to internal failure.

Since
API level 15
MDM 5.4
Constant Value: -1 (0xffffffff)

public static final int ERROR_INVALID_INPUT

Since: API level 15

Deprecated in API level 33

Received invalid input.

Since
API level 15
MDM 5.4
Constant Value: -3 (0xfffffffd)

public static final int ERROR_USER_NOT_AUTHORIZED

Since: API level 15

Deprecated in API level 33

The caller doesn't have enough permission or privilege to perform the request

Since
API level 15
MDM 5.4
Constant Value: -2 (0xfffffffe)

public static final String SAMSUNG_KERBEROS_AUTHENTICATOR

Since: API level 15

Deprecated in API level 33

Package name of the Samsung Kerberos authenticator.

Since
API level 15
MDM 5.4
Constant Value: "com.sec.android.service.singlesignon"

public static final int SUCCESS

Since: API level 15

Deprecated in API level 33

Return value upon success.

Since
API level 15
MDM 5.4
Constant Value: 0 (0x00000000)

Public Constructors

public AuthenticationConfig (boolean enforceRemoteAuthAlways, boolean enforceEnterpriseIdentityLock, boolean hideEnterpriseIdentityLock, String authenticatorPkgName, String authenticatorPkgSignature, Bundle authenticatorConfig)

Since: API level 15

Deprecated in API level 33

Constructor with parameters for AuthenticationConfig

Parameters
enforceRemoteAuthAlways Flag to indicate that every authentication request by the user must be completed by the network(remote) server and not by local verification. The admin should note that if the value is set to true and the remote authentication server is unreachable (due to network fail/busy etc.), the user will not be able to login to the container.
enforceEnterpriseIdentityLock Flag to indicate whether the Enterprise Identity lock needs to be enforced on the device. The setting of this flag will lead to the enforcement of authentication using enterprise ID alone and the disabling of lock type options(such as PIN/Password/etc). The default value of this flag is set to false i.e., by default, enterprise ID is not enforced.
hideEnterpriseIdentityLock Flag to indicate whether the Enterprise Identity lock option needs to be hidden in the list of lock type options. If set to false, enterprise identity will be shown as one of the options available to the user for unlocking the container. The default value of this flag is false, i.e., by default, enterprise ID is shown in the list of options to the user if the authenticator package is installed.
authenticatorPkgName Package name of the authenticator. The Kerberos authenticator package name can be obtained by the SAMSUNG_KERBEROS_AUTHENTICATOR variable.
authenticatorPkgSignature Signature of the authenticator package. The signature value IS OPTIONAL and provides a signature level security check when included. However, the check is ignored if the signature value is not present.
authenticatorConfig Bundle containing the configuration values needed to authenticate users. These include server URL, domain URL, authentication lifetime etc. The keys for the bundle can be derived from the AuthenticationConfig.AuthenticationRequestKeys class.
Usage
An administrator can use this constructor to create authenticationConfig object.
Since
API level 15
MDM 5.4

public AuthenticationConfig ()

Since: API level 15

Deprecated in API level 33

Constructor to create Enterprise Identity object with default values

Usage
An administrator can use this constructor to create Enterprise Identity object with default values.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 
Since
API level 15
MDM 5.4

Public Methods

public Bundle getAuthenticatorConfig ()

Since: API level 15

Deprecated in API level 33

API to get Enterprise Identity configuration

Returns
  • Configuration information needed to perform authentication.
Usage
An administrator can use this api to get Enterprise Identity configuration
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 Bundle authenticatorConfig = mConfig.getAuthenticatorConfig();
 
Since
API level 15
MDM 5.4

public String getAuthenticatorPkgName ()

Since: API level 15

Deprecated in API level 33

API to get Enterprise Identity authenticator package name.

Returns
  • package name of the authenticator.
Usage
An administrator can use this api to get Enterprise Identity authenticator package name.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 String authenticatorPkgName = mConfig.getAuthenticatorPkgName();
 
Since
API level 15
MDM 5.4

public String getAuthenticatorPkgSignature ()

Since: API level 15

Deprecated in API level 33

API to get Enterprise Identity authenticator package signature.

Returns
  • Signature of the authenticator package in the form of a string.
Usage
An administrator can use this api to get Enterprise Identity authenticator package signature.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 String authenticatorPkgSignature = mConfig.getAuthenticatorPkgSignature();
 
Since
API level 15
MDM 5.4

public boolean getEnforceEnterpriseIdentityLock ()

Since: API level 15

Deprecated in API level 33

API to get the current enforcement state of enterprise identity lock.

Returns
  • true if Enterprise Identity lock option is enforced, else false.
Usage
An administrator can use this api to get the current enforcement state of enterprise identity lock.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 boolean enforceEnterpriseIdentityLock = mConfig.getEnforceEnterpriseIdentityLock();
 
Since
API level 15
MDM 5.4

public boolean getEnforceRemoteAuthAlways ()

Since: API level 15

Deprecated in API level 33

API to get the type of Enterprise Identity authentication that has been currently configured.

Returns
  • true if every unlock attempt must wait for remote (network) authentication response before unlock, else false.
Usage
An administrator can use this api to get the type of Enterprise Identity authentication that has been currently configured.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 boolean enforceRemoteAuthAlways = mConfig.getEnforceRemoteAuthAlways();
 
Since
API level 15
MDM 5.4

public boolean getHideEnterpriseIdentityLock ()

Since: API level 15

Deprecated in API level 33

API to get the current UI state of enterprise identity.

Returns
  • true if Enterprise Identity lock option is hidden from user access. false if Enterprise Identity lock option is not hidden and available on lock types
Usage
An administrator can use this api to get the current UI state of enterprise identity.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 boolean hideEnterpriseIdentityLock = mConfig.getHideEnterpriseIdentityLock();
 
Since
API level 15
MDM 5.4

public void setAuthenticatorConfig (Bundle authenticatorConfig)

Since: API level 15

Deprecated in API level 33

API to set Enterprise Identity configuration.

Parameters
authenticatorConfig Bundle containing the configuration values needed to authenticate users. These include server URL, domain URL, authentication lifetime etc. The keys for the bundle can be derived from the AuthenticationConfig.AuthenticationRequestKeys class.
Usage
An administrator can use this api to set Enterprise Identity configuration. Default value is set to null if the API is not called.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 Bundle authBundle  = new Bundle();
 authBundle.putString ("LIBDEFAULTS_DEFAULT_REALM", "SISOIDP.IN");
 authBundle.putString ("FEDERATION_SERVER_URL", "idpsrv.sisoidp.in");
 mConfig.setAuthenticatorConfig(authBundle);
 
Since
API level 15
MDM 5.4

public void setAuthenticatorPkgName (String authenticatorPkgName)

Since: API level 15

Deprecated in API level 33

API to set Enterprise Identity authenticator package name.

Parameters
authenticatorPkgName package name of the authenticator.
Usage
An administrator can use this api to set Enterprise Identity authenticator package name. Default package name is null if the method is not called.The SAMSUNG_KERBEROS_AUTHENTICATOR will be used as the default authenticator for enterprise identity authentication if no package name is provided.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 mConfig.setAuthenticatorPkgName("com.samsung.android.testapp");
 
Since
API level 15
MDM 5.4

public void setAuthenticatorPkgSignature (String authenticatorPkgSignature)

Since: API level 15

Deprecated in API level 33

API to set Enterprise Identity authenticator package signature

Parameters
authenticatorPkgSignature Signature of the authenticator package.
Usage
An administrator can use this api to set Enterprise Identity authenticator package signature. Default value is null if the method is not called.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 String mSignature = "3082035430820312a003020102020458491787300b06072a8648ce3804030500307c310b3009060
                                   35504061302494e31123010060355040813094b61726e6174616b61311230100603550407130942"
 mConfig.setAuthenticatorPkgSignature(mSignature);
 
Since
API level 15
MDM 5.4

public void setEnforceRemoteAuthAlways (boolean enforceRemoteAuthAlways)

Since: API level 15

Deprecated in API level 33

API to set flag to indicate every unlock request must wait for remote (network) authentication response.

Parameters
enforceRemoteAuthAlways Boolean value to suggest every unlock attempt must wait for remote (network) authentication response else local authentication(on device) is sufficient to unlock.
Usage
An administrator can use this api to set flag to indicate every unlock request must wait for remote (network)authentication response. Default value is false, i.e., the system will rely on a local credential check and login the user if it succeeds (network check will be passively performed if network is available). Admin should aware that user can't unlock if the value is set to true and device can't contact Enterprise Identity server ( due to no network, server down/busy, etc)
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 mConfig.setEnforceRemoteAuthAlways(true);
 
Since
API level 15
MDM 5.4

public void setForceEnterpriseIdentityLock (boolean enforceEnterpriseIdentityLock)

Since: API level 15

Deprecated in API level 33

API to set the state of enterprise identity enforcement.

Parameters
enforceEnterpriseIdentityLock Boolean value to enforce the usage of enterprise identity as the only option.
Usage
An administrator can use this api to set the state of enterprise identity enforcement. If it set to true, the enterprise identity lock option will be the only option available as lock type to users and all other options (PIN/Password etc.) will be unavailable.Default value is false if this API is not called.
For Container:
 AuthenticationConfig mConfig = new AuthenticationConfig();
 mConfig.setForceEnterpriseIdentityLock(true);
 
Since
API level 15
MDM 5.4

public void setHideEnterpriseIdentityLock (boolean hideEnterpriseIdentityLock)

Since: API level 15

Deprecated in API level 33

API to set the UI state of enterprise identity.

Parameters
hideEnterpriseIdentityLock Boolean value to allow the enterprise identity option to be hidden in the list. else not hidden
Usage
An administrator can use this api to set the UI state of enterprise identity. If it set to false, the enterprise identity lock option be shown as part of available lock types and user is allowed to set enterprise identity as lock type. Default value is false if this API is not called.
Since
API level 15
MDM 5.4