Hello Marcello, Thank you for providing some information regarding our issue accessing the Onboarding and configuration services after our upgrade. It explains why our 14.12 version of our app didn't work, however we do have a 15.09 version of our Alljoyn mobile app running on IOS which is also unable to access these services.
I would assume that as the 15.09 app is able to complete the handshake process but is unable to access the onboarding or configuration services is due to a permission issue, is this related to not having a policy installed on our device running 16.04 thin client? If this is the case how is a policy obtained for the thin client device? Thank you for any further information you can provide on this issue, Cheers, Peter Peter Nisbet, MASc, C.E.T Electronics Engineer Heaven Fresh Canada Inc. 1600 Aimco Blvd., Unit 5 Mississauga ON L4W 1V1 Cell: +1.647.377.2489 http://www.heavenfresh.ca Linkedin <http://ca.linkedin.com/in/peternisbet265> On Fri, Sep 2, 2016 at 2:08 PM, Lioy, Marcello <[email protected]> wrote: > You are correct there are changes in security that are not compatible > between 14.12 and 16.04. The issue is likely with the Dashboard > application, which was open sourced (https://git.allseenalliance. > org/cgit/contributed_applications/dashboard.git/) a while back. > Depending on your product requirements you may wish to updated the > dashboard project to use the new security features. Unfortunately no one > is currently maintaining that project, but was made available exactly for > situations like these. If you do so it would be great if you upstreamed > your changes! > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Peter > Nisbet > *Sent:* Wednesday, August 31, 2016 12:41 PM > *To:* [email protected]; allseen-core@lists. > allseenalliance.org > *Subject:* [Allseen-core] Issues accessing config and onboarding services > after upgrading to 16.04a > > > > Hello All, > > > > I've recently been working on upgrading our smart home products from AJTCL > version 14.12 to 16.04a and I've ran into issues accessing the onboarding > and configuration services of the device. > > > > I can access our custom device control panel and control our > device through our Alljoyn app after the upgrade to 16.04. Our control > panel uses an unsecured interface, while I believe the configuration and > onboarding interfaces are secured. This leads me to believe that there is > some issue with the security settings for our products, as there appear to > be significant changes between the security of 14.12 and 16.04. > > > > If I bypass calls for authorisation, policy and ACL functions I am able to > load the config and onboarding services, however this only works with 15.09 > or above versions of Alljoyn, as the dashboard app running 14.12 asks > repeatedly for a passcode. > > > > In the logs I've collected from the device I noticed that the function > AJ_PolicyLoad(); in AJ_PeerHandleExchangeGUIDs returns with error no policy > found. Could this be causing issues as I'd assume not having a policy would > prevent access to interface methods for the secured interface. > > > > It appears the interface methods for the onboarding and config services > are being registered in the access control list as I see this being done as > the device starts up. > > > > In the device logs I notice that on first attempt to access the onboarding > or config services, the device and app seem to fail at > AJ_PeerHandleKeyExchange(); with failed authentication, however restarting > the app on the phone and reconnecting to the device results in > authentication being successful and ultimately resulting a successful > handshake. The app however will repeatedly ask for a passcode when it tries > to call an interface method. I also see an error on the thin client for > FindAccessControlMember: Access table not initialized. > > > > Some information on our platform: > > OS: MQX 4.1 RTOS > > Alljoyn core version: 16.04a > > Base service version: 16.04 > > > > IOS App versions: 15.09 > > Android App: Dashboard 14.12 > > Cipher used is ALLJOYN_ECDHE_PSK > > > > If the issue is with not having a policy for the device please direct me > to where I can generate one. If it is not related to the policy is it some > other security issue and is it something that needs to be changed on the > thin client or mobile app. > > > > Any insight or information would be most appreciated. > > > > Thanks in advance, > > > > Peter > > > > > Peter Nisbet, MASc, C.E.T > > Electronics Engineer > > > > Heaven Fresh Canada Inc. > > 1600 Aimco Blvd., Unit 5 > > Mississauga ON L4W 1V1 > > Cell: +1.647.377.2489 > > http://www.heavenfresh.ca > > > > Linkedin <http://ca.linkedin.com/in/peternisbet265> >
_______________________________________________ Allseen-core mailing list [email protected] https://lists.allseenalliance.org/mailman/listinfo/allseen-core
