Android 2.0

From Swivel Knowledgebase
Revision as of 16:53, 20 August 2015 by Rallen (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Swivel Android 2.x App Overview

Swivel Secure now offers a Android mobile client for use with the Swivel platform. This article explains how to download, configure and use this client. For other phones see Mobile Phone Client for earlier versions.


Requirements

Swivel 3.10 or later

Android OS

The Swivel virtual or hardware appliance must be reachable from the mobile phone to receive security strings

The index is required to be entered as nn on the end eaxample: 292401, Swivel versions earlier than 3.10 require ,nn example: 2924,01 otherwise it will see it as a dual channel authentication.

Valid certificate on the Swivel server or non SSL, but not a self signed certificate


Versions

Swivel Mobile Version 2.1.2 released: 05/02/2014

Version 2.1.1 released: 05/01/2014

Version 2.0 released (Swivel 3.10 or later)

  • Simple User Inteface
  • Extra Mobile Policies
  • Help Section
  • Citrix Receiver VPN Client support (iPhone Only)
  • Removal of comma from OTC


Which version do I need?

Swivel version 3.10 or later,

Android Mobile Client 2.1


Swivel Server Configuration

Configuring Mobile Client user access on the Swivel virtual or hardware appliance

To allow a user to authenticate using a One Time Code from a mobile app, the user must have Mobile app authentication enabled. To do this on the Swivel Administration console ensure that the group they are part of has access to the Mobile Client under Repository Groups.


Configuring the Swivel Authentication

Swivel can authenticate users using the mobile client to authenticate by RADIUS or Agent-XML authentication

  • For RADIUS authentication see RADIUS Configuration Note: The access device must be configured to use PAP for authentication.

Allow user to browse strings: Options Yes/No, Default No. Version 3.9.6 onwards. This option allows the Mobile Phone App user to browse through the security strings. Availability to this feature is server controlled.


Mobile Client Policies

For the Server based policies see Mobile Client Policies 2.0 for previous versions see Mobile Client Policies


Swivel Mobile Application Installation

The Swivel Mobile Phone Client 2 is available from the App store (see versions above). You can click the link to the and install from a web browser, or follow the instructions in this article to navigate to the App within the App Store.


Swivel Mobile Application Configuration

A user may use one of the following methods to provision a mobile device:


URL Provisioning

Provision URL Swivel 3.10 onwards


QR Code Provisioning

QR Code Provision Swivel 3.10.4 onwards


Get Server Settings

If an SSD server is being used, select Get Server Settings and enter the Server ID.


Manual Configuration

Manual entry may not be possible depending upon Swivel server policy

The settings are:

  1. Username: Your username that you use when you authenticate via Swivel
  1. Server: The URL from where the client can download security strings (or keys)
  1. Context: The context used by the web service. For a virtual or hardware appliance this is proxy, for a software install this is usually pinsafe
  1. Port: The port number used by the web service. For an virtual or hardware appliance this is 8443, for a software install this is 8080
  1. SSL: SSL settings

Once you have entered the settings you can select Submit in the header location of that page.


Android Mobile Client 2 settings.jpg


Downloading Security Strings or OTC

From the bottom menu there is a update keys button, pressing this will get you a new set of 99 security strings. This will attempt to retrieve Security Strings or OTC from the Swivel server.

If there are any problems and error message will be displayed

You can confirm that keys have been downloaded by checking the Swivel server logs

The Swivel server will display the following log message Security strings fetched for user: username


Android Mobile Client 2 updatekeys.jpg


Swivel Client Policies

Policies may be hidden from view by the Swivel server settings.

The following options are available:

PIN Entry Whether the PIN can be entered or not to auto extract the OTC

Select String Allow String Browsing, This is a Swivel server controlled option, which if enabled will allow the user to browse through security strings on the mobile app.

Number Pad A number pad is displayed for the PIN entry

Notifications Support Used for the OneTouch Mobile.


Authenticating with Swivel Mobile Phone Clients

To use the Swivel Mobile Phone Clients to authenticate is very simple.

  1. Open the Swivel Mobile Phone Client.
  2. Select the key icon on the bottom menu.
  3. Depending on your policy settings you will either be prompted for a PIN or immediately shown a One-Time-Code OTC.
  4. If you are asked for a PIN, enter the PIN number previously sent during the enrolment phase.
  5. Enter the OTC into the authentication dialogue, make sure you enter all the characters.

If you need to authenticate again you can select the '<' or '>' button and a new string will be displayed (you may have to enter your PIN again).

Android Mobile Client 2 keypad entry.jpg Android Mobile Client 2 otc.jpg


Updating Keys

The Swivel Mobile Phone Client downloads 99 keys at a time and these keys are used one at a time until there are none left. However a new set of 99 keys can be downloaded at any time by selecting Update Keys. Downloading keys requires network connectivity so it is recommended that you download a new set of keys before the Android is likely to be without network connectivity for any length of time.


Known Issues

Android version 4.4.4

The 4.4.4 Operating System of Android has functionality issues with the Swivel Mobile Client 2.0 upgrade to the Swivel Mobile Client 2.10 overcome this.

A work around exists if it is not possible to upgrade:

In order to install the file SwivelMobile-debug.apk please connect your mobile via usb to your computer to place the attached file onto your phones file system, then use a file manager application https://play.google.com/store/apps/details?id=com.mobisystems.fileman&hl=en - Once you have the file loaded onto your phone on the internal storage then just navigate to it using file manager application and then double click and it will launch.


Troubleshooting

  • Is the Swivel server accessible on the internet
  • Check the connection settings to the Swivel server
  • Check the Swivel logs for any error messages
  • Can the phone access the internet
  • If a RADIUS connection is seen from the access device to the Swivel server but authentication fails, try using PAP
  • Download new security strings to the phone and retest
  • Is the pin 6 characters when you only entered a 4 digit pin? If yes then enter all of the numbers you see on screen (the extra 2 are used as an index).
  • Login fails and User receives a security string or One Time Code by SMS or email at each login attempt. Again make sure you are entering all of the numbers shown on screen.
  • If the proxy port (8443) on the virtual or hardware appliance is being used, ensure that it supports the proxy request of the key retrieval using AgentXML. If this is the case then contact Support for an updated version of the Proxy.


Error Messages

Incorrect settings - please check your settings

The settings for downloading the security strings are incorrect. Verify what has been entered, and check what the values should be.


Timed Out

The settings for connecting to the Swivel server may be incorrect or the port is being blocked.


AGENT_ERROR_NO_SECURITY_STRINGS, AGENT ERROR NO SECURITY STRINGS

See AGENT ERROR NO SECURITY STRINGS


Tested Mobile Phones

The following phones have been tested

Mobile Phone Compatibility
Manufacturer Phone Model Kernel Version Android Version Operator Compatible Y/N
Android Galaxy S5 SM-G900F 3.4.0-3624618 + 5.0 O2 Y
Android Galaxy S4 GT-I9505 3.4.0-481100 + 4.4.4 O2 Y
Android Galaxy S4 GT-I9505 3.4.0-481100 + 4.4.2 O2 Y
Android - 3.2 + - Orange Y
Android - 3.2 + - O2 Y
Android - 3.2 + - Vodafone Y
  • The current version only supports one device per user.


Keywords: Android, Security, Tokens, Android App,