-----

====== Apple iOS and Hotspot 2.0/Passpoint ======

To support Hotspot 2.0, the Passpoint profile must be sent to the iOS device through email, AirDrop, or HTTP. Once the device has received the profile, it will say "profile downloaded".

{{ :technical:img_0116.png?400 |}}

Furthermore, if you go to VPN & Device Management (under General), you can find the profile under the downloaded profiles.

{{ :technical:img_0117.png?400 |}}

Press the downloaded profile and you will see an "install profile" window where you can press "install". The profile is shown as not verified (due to Apple's stringent requirements for getting something verified). There is no need to worry: the profile's config files are signed using OpenSSL to ensure authentication and data integrity.

{{ :technical:img_0118.png?400 |}}

Finally, after pressing install you must enter your passcode and press "install" again.

{{ :technical:img_0119.png?400 |}}

==== A clarification on the contents of the Passpoint profile ====

Here you can see the contents of the Passpoint profile. The unreadable characters preceding and succeeding the XML are the signature that makes the profile signed. Furthermore, when looking at the content of the XML there are a few noteworthy Apple-specific items:

  * HIDDEN_NETWORK -- Whether the network is hidden, i.e. whether the SSID is broadcast or not; devices must know the SSID to connect to it. (type: Boolean)
  * AutoJoin -- If true, the user can join without tapping the network every time. (type: Boolean)
  * EncryptionType -- The type of encryption one wants to use. (type: String) (options: WEP, WPA, WPA2, Any, and None)
  * IsHotspot -- The network is treated as a hotspot if true. (type: Boolean)
  * DomainName -- Identifies the service provider's domain. This is used by the client device during Hotspot 2.0 (Passpoint) negotiation. (type: String)
  * ServiceProviderRoamingEnabled -- Allows connection to roaming service providers if true.
  * NAIRealmNames -- NAI realm names used for Wi-Fi Hotspot 2.0. (type: Array of Strings)
  * DisplayedOperatorName -- Operator name to display when connected to the network. (type: String)
  * ProxyType -- How the proxy server is configured for the network. (type: String, values: None, Manual, Auto)
  * CaptiveBypass -- Whether to bypass captive network detection when connecting. (type: Boolean)

More information can be found in this Apple documentation: https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf

<code>
PayloadDisplayName Wenley-HiFi-1.0.1
PayloadIdentifier tetrapi.radiusdesk-apple-4
PayloadRemovalDisallowed
PayloadType Configuration
PayloadUUID radiusdesk-apple-3
PayloadVersion 1
ExpirationDate 2029-06-22T11:45:30Z
PayloadContent
    AutoJoin
    CaptiveBypass
    DisableAssociationMACRandomization
    DisplayedOperatorName HS2.0 Wenley-HiFi-1.0.1
    DomainName radiusdesk.com
    EAPClientConfiguration
        AcceptEAPTypes 21
        TLSTrustedServerNames uam.mesh-manager.com
        TTLSInnerAuthentication MSCHAPv2
        UserName mathis@hotspottwo
        UserPassword testing123
        OuterIdentity anonymous@hotspottwo
    EncryptionType WPA
    HIDDEN_NETWORK
    IsHotspot
    PayloadDescription Configure Passpoint for Tetrapi
    PayloadDisplayName Wi-Fi
    PayloadIdentifier com.apple.wifi.managed.radiusdesk-apple-2
    PayloadType com.apple.wifi.managed
    PayloadUUID radiusdesk-apple-1
    PayloadVersion 1
    ProxyType None
    ServiceProviderRoamingEnabled
</code>
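
As an added example (not part of the original page or of the RADIUSdesk code), the Python code below carves the XML out of a signed profile as described above and flags the security-relevant settings of the Wi-Fi payload. The sample profile, its boolean values, the placeholder credentials and the wording of the findings are constructed for illustration; carving the XML reads the profile but does not verify its signature.

```python
import plistlib

# Constructed sample: key names follow the profile on this page; the boolean
# values, credentials and surrounding "signature" bytes are assumptions.
SAMPLE = b"\x30\x82\x0b\x1e" + b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadType</key><string>Configuration</string>
<key>PayloadRemovalDisallowed</key><false/>
<key>PayloadContent</key><array><dict>
 <key>PayloadType</key><string>com.apple.wifi.managed</string>
 <key>EncryptionType</key><string>WPA</string>
 <key>CaptiveBypass</key><true/>
 <key>DisableAssociationMACRandomization</key><true/>
 <key>EAPClientConfiguration</key><dict>
  <key>AcceptEAPTypes</key><array><integer>21</integer></array>
  <key>TLSTrustedServerNames</key><array><string>uam.mesh-manager.com</string></array>
  <key>UserPassword</key><string>not-a-real-password</string>
</dict></dict></array>
</dict></plist>""" + b"\x31\x82\x01\x00signature-bytes"

def extract_plist(blob: bytes) -> dict:
    """Carve the XML plist out of a signed profile. Does NOT verify the signature."""
    start, end = blob.find(b"<?xml"), blob.rfind(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no XML plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def audit(profile: dict) -> list:
    """Return a list of findings for the profile and its Wi-Fi payloads."""
    findings = []
    if profile.get("PayloadRemovalDisallowed"):
        findings.append("profile: user cannot remove it")
    for p in profile.get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue  # only Wi-Fi payloads are checked here
        eap = p.get("EAPClientConfiguration", {})
        if "UserPassword" in eap:  # readable by anyone who obtains the file
            findings.append("eap: password stored in clear text")
        if eap and not (eap.get("TLSTrustedServerNames") or eap.get("PayloadCertificateAnchorUUID")):
            findings.append("eap: server certificate not pinned")
        if p.get("EncryptionType") in ("WEP", "None", "Any"):
            findings.append("wifi: weak or no encryption allowed")
        if p.get("DisableAssociationMACRandomization"):
            findings.append("wifi: MAC randomization disabled")
        if p.get("CaptiveBypass"):
            findings.append("wifi: captive detection bypassed")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(extract_plist(SAMPLE))))
```

Because the signature only protects integrity and origin, any credentials embedded in the profile remain readable in transit (email, AirDrop, HTTP) and at rest.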