Apple iOS and Hotspot 2.0/Passpoint

To support Hotspot 2.0, one must send the Passpoint profile to one's iOS device through email, AirDrop, or HTTP. Once the profile has been received by the device, it will say “Profile Downloaded”.

Furthermore, if you go to VPN & Device Management (under General), you can find the profile under “Downloaded Profile”.

Press the profile and you will see an “Install Profile” window where you can press “Install”. The profile is shown as not verified (due to Apple's stringent requirements for getting something verified). There is no need to worry: the profile's config files are signed using OpenSSL to ensure authentication and data integrity.

Finally, after pressing “Install” you must enter your passcode and press “Install” again.

Here you can see the contents of the Passpoint profile. The cryptic characters preceding and following the XML are the signature that makes the profile signed. Furthermore, when looking at the content of the XML there are a few noteworthy Apple-specific items:

  • HIDDEN_NETWORK – Whether the network is hidden, i.e. does not broadcast its SSID; devices must know the SSID to connect to it. (type: Boolean)
  • AutoJoin – If true, the user can join without tapping the network every time. (type: Boolean)
  • EncryptionType – The type of encryption one wants to use. (type: String) (options: WEP, WPA, WPA2, Any, and None)
  • IsHotspot – The network is treated as a hotspot if true. (type: Boolean)
  • DomainName – Identifies the service provider's domain. This is used by the client device during Hotspot 2.0 (Passpoint) negotiation. (type: String)
  • ServiceProviderRoamingEnabled – Allows connection to roaming service providers if true.
  • NAIRealmNames – NAI realm names used for Wi-Fi Hotspot 2.0. (type: Array of Strings)
  • DisplayedOperatorName – Operator name to display when connected to the network. (type: String)
  • ProxyType – How the proxy server is configured for the network. (type: String, values: None, Manual, Auto)
  • CaptiveBypass – Whether to bypass captive network detection when connecting. (type: Boolean)

More information can be found in this Apple documentation: https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Used to define the structure of the management tree for the device-->
<plist version="1.0">
   <dict>
      <key>PayloadDisplayName</key>
      <string>Wenley-HiFi-1.0.1</string>
      <key>PayloadIdentifier</key>
      <string>tetrapi.radiusdesk-apple-4</string>
      <key>PayloadRemovalDisallowed</key>
      <false />
      <key>PayloadType</key>
      <string>Configuration</string>
      <key>PayloadUUID</key>
      <string>radiusdesk-apple-3</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>ExpirationDate</key>
      <date>2029-06-22T11:45:30Z</date>
      <key>PayloadContent</key>
      <array>
         <dict>
            <key>AutoJoin</key>
            <true />
            <key>CaptiveBypass</key>
            <false />
            <key>DisableAssociationMACRandomization</key>
            <false />
            <key>DisplayedOperatorName</key>
            <string>HS2.0 Wenley-HiFi-1.0.1</string>          
            <key>DomainName</key>
            <string>radiusdesk.com</string>
            <key>EAPClientConfiguration</key>
            <dict>
               <key>AcceptEAPTypes</key>
               <array>
                  <integer>21</integer>
               </array>
               <key>TLSTrustedServerNames</key>
               <array>
                  <string>uam.mesh-manager.com</string>
               </array>
               <key>TTLSInnerAuthentication</key>
               <string>MSCHAPv2</string>
               <key>UserName</key>
               <string>mathis@hotspottwo</string>
               <key>UserPassword</key>
               <string>testing123</string>
               <key>OuterIdentity</key>
               <string>anonymous@hotspottwo</string>
            </dict>
            <key>EncryptionType</key>
            <string>WPA</string>
            <key>HIDDEN_NETWORK</key>
            <false />
            <key>IsHotspot</key>
            <true />
            <key>PayloadDescription</key>
            <string>Configure Passpoint for Tetrapi</string>
            <key>PayloadDisplayName</key>
            <string>Wi-Fi</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.wifi.managed.radiusdesk-apple-2</string>
            <key>PayloadType</key>
            <string>com.apple.wifi.managed</string>
            <key>PayloadUUID</key>
            <string>radiusdesk-apple-1</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>ProxyType</key>
            <string>None</string>
            <key>ServiceProviderRoamingEnabled</key>
            <true />
         </dict>
      </array>
   </dict>
</plist>
  • Last modified: 2025/07/23 08:02
  • by mathis