Connect Android to WiFi Enterprise network EAP(PEAP)
I have been trying to connect my android device to an enterprise network programatically over the past few days without any success, I have been following multiple examples online, but most of the ones I find are for EAP(TLS) networks and the one where I work is EAP(PEAP), here is the type of network.
802.1x EAP
EAP method: PEAP
Phase 2 Authentication: MSCHAPV2
the authentication always fails and logcat doesn't indicate me where the problem is I just know it fails when the authentication is being performed.
Here is a copy of my current code and the logs from logcat where it fails:
/****************** CODE ******************************/
public class WPAActivity extends LauncherActivity
{
private static final String TAG = "WPAActivity";
/************* Definitions to find variables ***************************/
private static final String INT_PRIVATE_KEY = "private_key";
private static final String INT_PHASE2 = "phase2";
private static final String INT_PASSWORD = "password";
private static final String INT_IDENTITY = "identity";
private static final String INT_EAP = "eap";
private static final String INT_CLIENT_CERT = "client_cert";
private static final String INT_CA_CERT = "ca_cert";
private static final String INT_ANONYMOUS_IDENTITY = "anonymous_identity";
final String INT_ENTERPRISEFIELD_NAME ="android.net.wifi.WifiConfiguration$EnterpriseField";
/************************************************************************/
/********************************Configuration Strings*********************/
final String ENTERPRISE_EAP = "PEAP";
final String ENTERPRISE_CLIENT_CERT = "";
final String ENTERPRISE_PRIV_KEY = "";
final String ENTERPRISE_PHASE2 = "\"MSCHAPV2\"";
final String ENTERPRISE_ANON_IDENT = "";
final String ENTERPRISE_CA_CERT = "";
final String userName = "\"my Username";
final String passString = "\"my Password\"";
/**************************************************************************/
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState)
{
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
WifiManager wifi = (WifiManager) getSystemService(Context.WIFI_SERVICE);
WifiConfiguration wc = new WifiConfiguration();
wc.SSID = "\"mySSID\"";
wc.preSharedKey = "\"my Password\"";
wc.hiddenSSID = true;
wc.status = WifiConfiguration.Status.ENABLED;
wc.allowedKeyManagement.clear();
wc.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
wc.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
/*Group Ciphers*/
wc.allowedGroupCiphers.clear();
wc.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP);
wc.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.TKIP);
/*Protocols*/
wc.allowedProtocols.clear();
wc.allowedProtocols.set(WifiConfiguration.Protocol.RSN);
wc.allowedProtocols.set(WifiConfiguration.Protocol.WPA);
Class[] enterpriseFieldArray = WifiConfiguration.class.getClasses();
Class<?> enterpriseFieldClass = null;
for(Class<?> myClass : enterpriseFieldArray)
{
if(myClass.getName().equals(INT_ENTERPRISEFIELD_NAME))
{
enterpriseFieldClass = myClass;
break;
}
}
Log.d(TAG, "class chosen " + enterpriseFieldClass.getName() );
Field anonymousId = null, caCert = null, clientCert = null,
eap = null, identity = null, password = null,
phase2 = null, privateKey = null;
Field[] fields = WifiConfiguration.class.getFields();
for (Field tempField : fields)
{
if (tempField.getName().trim().equals(INT_ANONYMOUS_IDENTITY))
{
anonymousId = tempField;
Log.d(TAG, "field " + anonymousId.getName() );
}
else if (tempField.getName().trim().equals(INT_CA_CERT))
{
caCert = tempField;
}
else if (tempField.getName().trim().equals(INT_CA_CERT))
{
}
else if (tempField.getName().trim().equals(INT_CLIENT_CERT))
{
clientCert = tempField;
Log.d(TAG, "field " + clientCert.getName() );
}
else if (tempField.getName().trim().equals(INT_EAP))
{
eap = tempField;
Log.d(TAG, "field " + eap.getName() );
}
else if (tempField.getName().trim().equals(INT_IDENTITY))
{
identity = tempField;
Log.d(TAG, "field " + identity.getName() );
}
else if (tempField.getName().trim().equals(INT_PASSWORD))
{
password = tempField;
Log.d(TAG, "field " + password.getName() );
}
else if (tempField.getName().trim().equals(INT_PHASE2))
{
phase2 = tempField;
Log.d(TAG, "field " + phase2.getName() );
}
else if (tempField.getName().trim().equals(INT_PRIVATE_KEY))
{
privateKey = tempField;
}
}
Method setValue = null;
for(Method m: enterpriseFieldClass.getMethods())
{
if(m.getName().trim().equals("setValue"))
{
Log.d(TAG, "method " + m.getName() );
setValue = m;
break;
}
}
try
{
// EAP
setValue.invoke(eap.get(wc), ENTERPRISE_EAP);
// EAP Phase 2
setValue.invoke(phase2.get(wc), ENTERPRISE_PHASE2);
// EAP Anonymous Id
setValue.invoke(anonymousId.get(wc), ENTERPRISE_ANON_IDENT);
// EAP CA Certificate
setValue.invoke(caCert.get(wc), ENTERPRISE_CA_CERT);
// Private Key
setValue.invoke(privateKey.get(wc), ENTERPRISE_PRIV_KEY);
// EAP Identity
setValue.invoke(identity.get(wc), userName);
// EAP Password
setValue.invoke(password.get(wc), passString);
// EAP Client certificate
setValue.invoke(clientCert.get(wc), ENTERPRISE_CLIENT_CERT);
}
catch (Exception e)
{
}
Log.d("WifiPreference", "2");
int res = wifi.addNetwork(wc);
Log.d("WifiPreference", "add Network returned " + res );
boolean b = wifi.enableNetwork(res, true);
Log.d("WifiPreference", "enableNetwork returned " + b );
}
}
and these are the logs indicating where the connection attempt fails
/************************And here are the logs********************/
02-09 09:23:30.514: I/ActivityManager(2084): Displayed activity com.test.wpa/.WPAActivity: 445 ms (total 445 ms)
02-09 09:23:31.514: I/wpa_supplicant(27633): CTRL-EVENT-SCAN-RESULTS Ready
02-09 09:23:31.514: I/wpa_supplicant(27633): Trying to associate with 00:1c:0f:82:04:e0 (SSID='*****' freq=2437 MHz)
02-09 09:23:31.514: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=-1 state=3
02-09 09:23:31.649: V/WifiMonitor(2084): Event [Trying to associate with 00:1c:0f:82:04:e0 (SSID='*****' freq=2437 MHz)]
02-09 09:23:31.649: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=-1 state=3]
02-09 09:23:31.654: V/WifiStateTracker(2084): Changing supplicant state: SCANNING ==> ASSOCIATING
02-09 09:23:31.654: D/NetworkStateTracker(2084): setDetailed state, old =SCANNING and new state=CONNECTING
02-09 09:23:31.659: D/ConnectivityService(2084): ConnectivityChange for WIFI: CONNECTING/CONNECTING
02-09 09:23:32.621: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=0 state=4
02-09 09:23:32.621: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=0 state=4]
02-09 09:23:32.624: I/wpa_supplicant(27633): Associated with 00:1c:0f:82:04:e0
02-09 09:23:32.624: I/wpa_supplicant(27633): CTRL-EVENT-EAP-STARTED EAP authentication started
02-09 09:23:32.629: V/WifiMonitor(2084): Event [Associated with 00:1c:0f:82:04:e0]
**02-09 09:23:32.629: V/WifiMonitor(2084): Event [CTRL-EVENT-EAP-STARTED EAP authentication started]**
02-09 09:23:32.629: V/WifiStateTracker(2084): Changing supplicant state: ASSOCIATING ==> ASSOCIATED
**02-09 09:23:32.629: D/NetworkStateTracker(2084): setDetailed state, old =CONNECTING and new state=CONNECTING**
**02-09 09:23:32.634: I/wpa_supplicant(27633): CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys**
02-09 09:23:32.644: I/wpa_supplicant(27633): CTRL-EVENT-STATE-CHANGE id=0 state=0
**02-09 09:23:32.644: V/WifiMonitor(2084): Event [CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys]**
02-09 09:23:32.644: V/WifiMonitor(2084): Event [CTRL-EVENT-STATE-CHANGE id=0 state=0]
I couldn’t find examples online about EAP (PEAP) authentication programmatically, I have tried changing the WiFi configuration with no success. Any Ideas or helpful sites/examples on how to connect to a Enterprise network EAP (PEAP), or can someone point me in the right direction?
Answer
Finally, I've defeated my CiSCO EAP-FAST corporate wifi network, and all our Android devices are now able to connect to it.
The walk-around I've performed in order to gain access to this kind of networks from an Android device are easiest than you can imagine.
There's a Wifi Config Editor in the Google Play Store you can use to "activate" the secondary CISCO Protocols when you are setting up a EAP wifi connection.
Its name is Wifi Config Advanced Editor.
First, you have to setup your wireless network manually as close as you can to your "official" corporate wifi parameters.
Save it.
Go to the WCE and edit the parameters of the network you have created in the previous step.
There are 3 or 4 series of settings you should activate in order to force the Android device to use them as a way to connect (the main site I think you want to visit is Enterprise Configuration, but don't forget to check all the parameters to change them if needed.
As a suggestion, even if you have a WPA2 EAP-FAST Cipher, try LEAP in your setup. It worked for me as a charm.When you finished to edit the config, go to the main Android wifi controller, and force to connect to this network.
Do not Edit the network again with the Android wifi interface.
I have tested it on Samsung Galaxy 1 and 2, Note mobile devices, and on a Lenovo Thinkpad Tablet.