I believe HTTPS redirection needs to be disabled by default to be able to
make sure "unzip and run" use-cases work smoothly. For instance, say some
user who intends to evaluate the product downloads it and tries to get a
simple device management flow running end-to-end. Enforcing an additional
step to set up certs at the server-end matching an applicable CN, and then
getting those installed into the devices would not quite make things easy,
particularly to such evaluation users, which makes it a valid case to have
HTTPS disabled by default IMO.

On the other hand, should someone put things in production, then they'd
have to enable HTTPS as part of the recommended deployment practices. We,
however, need to carefully look at this particular aspect as well, as it
might make things tedious for someone to go and manually enable this for
all plugin-based JAX-RS services one by one. Have we tried any mechanism to
probably do this in one go at the Tomcat level (since it's hard to foresee
anyone wanting to access part of the services over HTTPS while the rest
are exposed over HTTP)?

Cheers,
Prabath

On Monday, October 12, 2015, Milan Perera <mi...@wso2.com> wrote:

> Hi Dileesha,
>
> The reason Android enrollment fails at that stage is the HTTPS
> redirection that is enabled in the *mdm-android-agent* JAX-RS.
> Ex: *web.xml*
>
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>MDM-Android</web-resource-name>
>         <url-pattern>/*</url-pattern>
>     </web-resource-collection>
>     <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> </security-constraint>
>
> So in order to call the APIs of this service, the Android agent has to be
> configured for SSL by adding a BKS file (*emm_truststore.bks*) to the
> *res/raw/* folder of the *IDPProxy* module of the agent.
>
> Regards,
>
> On Mon, Oct 12, 2015 at 7:40 PM, Sachith Punchihewa <sachi...@wso2.com>
> wrote:
>
>> Hi Dileesha,
>>
>> The issue might be in the server. This happens when the server is not
>> returning the full certificate chain. Try changing that.
>> For more information, refer to [1] and [2].
>>
>> [1]. http://superuser.com/questions/347588/how-do-ssl-chains-work
>> [2].
>> http://stackoverflow.com/questions/13862908/ssl-certificate-is-not-trusted-on-mobile-only
>>
>> Thanks & Regards.
>>
>> Kamidu Sachith Punchihewa
>> *Software Engineer*
>> WSO2, Inc.
>> lean . enterprise . middleware
>> Mobile : +94 (0) 770566749
>>
>> On Mon, Oct 12, 2015 at 5:56 PM, Dileesha Rajapakse <dilee...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> The Android Enrollment fails and produces the error below.
>>>
>>> 10-12 17:42:06.494   7068-10049/org.wso2.emm.agent E/ServerUtilities﹕
>>> Error occurred while sending 'Post' request due to failure of server
>>> connection
>>> 10-12 17:42:06.504   7068-10049/org.wso2.emm.agent
>>> E/DynamicClientManager﹕ Failed to contact server
>>>     org.wso2.emm.agent.proxy.IDPTokenManagerException: Error occurred
>>> while sending 'Post' request due to failure of server connection
>>>             at
>>> org.wso2.emm.agent.proxy.utils.ServerUtilities.sendPostRequest(ServerUtilities.java:252)
>>>             at
>>> org.wso2.emm.agent.proxy.utils.ServerUtilities.postData(ServerUtilities.java:142)
>>>             at
>>> org.wso2.emm.agent.services.DynamicClientManager$SendRequest.doInBackground(DynamicClientManager.java:137)
>>>             at
>>> org.wso2.emm.agent.services.DynamicClientManager$SendRequest.doInBackground(DynamicClientManager.java:125)
>>>             at android.os.AsyncTask$2.call(AsyncTask.java:288)
>>>             at java.util.concurrent.FutureTask.run(FutureTask.java:237)
>>>             at
>>> android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
>>>             at
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
>>>             at
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
>>>             at java.lang.Thread.run(Thread.java:818)
>>>      *Caused by: javax.net.ssl.SSLPeerUnverifiedException: No peer
>>> certificate*
>>>             at
>>> com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104)
>>>             at
>>> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
>>>             at
>>> org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:388)
>>>             at
>>> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:214)
>>>             at
>>> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:167)
>>>             at
>>> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
>>>             at
>>> org.apache.http.impl.client.DefaultRequestDirector.executeOriginal(DefaultRequestDirector.java:1292)
>>>             at
>>> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:700)
>>>             at
>>> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:691)
>>>             at
>>> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:514)
>>>             at
>>> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:492)
>>>             at
>>> org.wso2.emm.agent.proxy.utils.ServerUtilities.sendPostRequest(ServerUtilities.java:235)
>>>             at
>>> org.wso2.emm.agent.proxy.utils.ServerUtilities.postData(ServerUtilities.java:142)
>>>             at
>>> org.wso2.emm.agent.services.DynamicClientManager$SendRequest.doInBackground(DynamicClientManager.java:137)
>>>             at
>>> org.wso2.emm.agent.services.DynamicClientManager$SendRequest.doInBackground(DynamicClientManager.java:125)
>>>             at android.os.AsyncTask$2.call(AsyncTask.java:288)
>>>             at java.util.concurrent.FutureTask.run(FutureTask.java:237)
>>>             at
>>> android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
>>>             at
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
>>>             at
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
>>>             at java.lang.Thread.run(Thread.java:818)
>>>
>>> One of the causes could be a conflict in resolving "http" and "https" at
>>> the back-end.
>>>
>>> Thank You
>>> --
>>> Dileesha Rajapakse
>>> *Intern - Engineering*
>>> Mobile : +94 (0) 772 555 933
>>> Tel      : +94 112 741 505
>>> dilee...@wso2.com
>>>
>>
>>
>
>
> --
> *Milan Harindu Perera *| Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
> Email: mi...@wso2.com | Web: www.wso2.com
> <http://lk.linkedin.com/in/milanharinduperera>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
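
An added example, not part of the thread or of WSO2's code: a Python audit that reads each webapp's web.xml and lists the ones whose `/*` pattern does not carry the CONFIDENTIAL transport guarantee quoted above, so a mixed HTTP/HTTPS deployment is visible before production. Only `mdm-android-agent` and its constraint come from the thread; the other webapp names and descriptors are constructed samples.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip an XML namespace: '{ns}url-pattern' -> 'url-pattern'."""
    return tag.rsplit("}", 1)[-1]

def transport_guarantees(web_xml_text):
    """Return {url-pattern: transport-guarantee} for one web.xml document."""
    root = ET.fromstring(web_xml_text)
    result = {}
    for sc in root.iter():
        if local(sc.tag) != "security-constraint":
            continue
        # With no <user-data-constraint>, the container requires no TLS.
        patterns, guarantee = [], "NONE"
        for el in sc.iter():
            name = local(el.tag)
            if name == "url-pattern":
                patterns.append((el.text or "").strip())
            elif name == "transport-guarantee":
                guarantee = (el.text or "").strip().upper()
        for pattern in patterns:
            result[pattern] = guarantee
    return result

def plaintext_webapps(descriptors):
    """Names of webapps whose '/*' pattern is not forced onto HTTPS."""
    return sorted(name for name, xml_text in descriptors.items()
                  if transport_guarantees(xml_text).get("/*") != "CONFIDENTIAL")

# Constructed sample descriptors; the first mirrors the web.xml in the thread.
SAMPLES = {
    "mdm-android-agent": """<web-app><security-constraint>
        <web-resource-collection>
          <web-resource-name>MDM-Android</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint></security-constraint></web-app>""",
    # Hypothetical plugin: namespaced descriptor with no constraint at all.
    "example-plugin-a": """<web-app xmlns="http://java.sun.com/xml/ns/javaee"
        version="3.0"><display-name>a</display-name></web-app>""",
    # Hypothetical plugin: only /admin/* is protected, the rest stays on HTTP.
    "example-plugin-b": """<web-app><security-constraint>
        <web-resource-collection><url-pattern>/admin/*</url-pattern>
        </web-resource-collection><user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint></security-constraint></web-app>""",
}

if __name__ == "__main__":
    print("Not HTTPS-only:", plaintext_webapps(SAMPLES))
```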