Windows Phone Enterprise Client Signing

Afaria
Document Version: 1 - 2014-04-04
Windows Phone Enterprise Client
Signing
Table of Contents
1
Signing Afaria Enterprise Client for Windows Phone Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1
Creating a Developer Account. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2
Acquiring the Code-Signing Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.3
Generating the Application Enrollment Token. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.4
Compiling and Signing the Afaria Enterprise Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.5
Uploading the AET and the Signed Afaria Application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.6
Deploying Windows Phone Enterprise Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
2
Important Disclaimers on Legal Aspects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
Windows Phone Enterprise Client Signing
Table of Contents
1
Signing Afaria Enterprise Client for
Windows Phone Devices
To generate and sign the Windows Phone enterprise client for Afaria, the enterprises must establish a developer
account with Microsoft, acquire code-signing certificate from Symantec, generate enrollment token, and sign the
client application using the enrollment token.
The general steps that enterprises must follow to establish an enterprise account, acquire the code-signing
certificate, generate the enrollment token, and sign the Windows Phone application are:
1.
The company registers on the Windows Phone Dev Center and establishes a company account.
The company is validated by Symantec, during the company account creation.
2.
The company acquires an enterprise mobile code-signing certificate from Symantec.
This certificate is required to generate the Application Enrollment Token (AET) to sign the enterprise apps.
3.
Export a PFX file from this certificate, and use the AET Generator tool provided by Windows Phone SDK 8.0 to
generate an application enrollment token (AET).
4.
Download the unsigned Windows Phone Afaria application (XAP) in the Afaria Administration console.
5.
Sign the XAP with the AET, and upload the signed XAP in the Administration console.
These steps are elaborated in the further sections.
Windows Phone Enterprise Client Signing
Signing Afaria Enterprise Client for Windows Phone Devices
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
3
Figure 1: Windows Phone Enterprise Client Signing
Note
These procedures are specific to Microsoft and are subject to change in future. Please refer to the
Windows Phone Dev Center documentation for further information and updates.
http://msdn.microsoft.com/en-us/library/windowsphone/develop/jj206943(v=vs.105).aspx
1.1
Creating a Developer Account
To register for a developer account, the enterprise must have a Microsoft account, preferably a company account
associated with an MSDN license.
1.
Sign in to the Windows Store Apps Dev Center with your Microsoft account details.
2.
Select the developer account type as company.
3.
Enter the contact information and other details to use for your company developer account.
4.
Enter the purchase details and make payment for the account, using a credit card. (This is free of cost if you
have an MSDN subscription).
During account creation, all company accounts go through the Symantec ID validation process, to validate the
authenticity of companies registering for a developer account.
4
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
Windows Phone Enterprise Client Signing
Signing Afaria Enterprise Client for Windows Phone Devices
1.2
Acquiring the Code-Signing Certificate
Acquire the enterprise mobile code-signing certificate from Symantec, required to generate an Application
Enrollment Token (AET) to sign company apps.
1.
Obtain the Publisher ID for the company as provided on the company’s Dev Center account page.
2.
On the Symantec Enterprise Mobile Code Signing Certificate Web site, complete the steps required to acquire
an enterprise mobile code signing certificate.
Symantec delivers a certificate that can be imported in to your certificate store. This certificate is valid for a
year from the date of issue.
Figure 2: Enterprise Mobile Code Signing Certificate
3.
Export the certificate in PFX format, along with the private key for the certificate.
Windows Phone Enterprise Client Signing
Signing Afaria Enterprise Client for Windows Phone Devices
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
5
Figure 3: Enterprise Certificate
Note
The minimum group membership required to complete this procedure is ‘Users’ or local ‘Administrators’.
1.3
Generating the Application Enrollment Token
Before you can distribute company apps to employees or other users, you must create an application enrollment
token (AET). The PFX file exported from the code-signing certificate is used to generate an AET, to sign the
company apps.
Executing this procedure may require the assistance of an expert in Windows Phone SDK 8.0.
1.
Use the AETGenerator tool provided by the Windows Phone SDK 8.0, to generate the application enrollment
token.
The AETGenerator tool is available at the following location: %ProgramFiles(x86)%\Microsoft SDKs
\Windows Phone\v8.0\Tools\AETGenerator.
2.
After token generation, distribute the AET.aetx file to users so they can enroll their phone for company app
distribution.
The AET is generated once per year.
6
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
Windows Phone Enterprise Client Signing
Signing Afaria Enterprise Client for Windows Phone Devices
1.4
Compiling and Signing the Afaria Enterprise Application
Use the Windows Phone development procedures to make compiled applications available for Afaria use.
Executing this procedure may require the assistance of an expert in Windows Phone SDK 8.0.
1.
Precompile any managed assemblies that are included in the Afaria XAP into native code.
2.
Sign the XAP with the code-signing certificate that was obtained from Symantec.
The Windows Phone SDK 8.0 provides command-line tools that can be used to perform these tasks. Refer to
the Windows Phone Dev Center documentation for further information.
Note
Ensure that the enterprise client is signed by the same code-signing certificate used to generate the AET.
1.5
Uploading the AET and the Signed Afaria Application
Upload the Application Enterprise Token (AET) generated using the code-signing certificate for the enterprise,
and the Afaria application (.XAP) signed by the same code-signing certificate.
For more details about creating a company account, generating enrollment tokens, and code-signing applications,
refer the Windows Phone Dev Center documentation.
1.
On the Home page Server tile, navigate to the
Configuration
Component
2.
In the AET File field, click Browse and select the AET file to upload.
Windows Phone
page.
Windows Phone enrollment will fail when the already uploaded .aetx file has expired.
3.
Download the unsigned Afaria application (.XAP) file.
4.
Sign the Afaria application using the same code-signing certificate used to generate the AET file.
5.
Click Browse to select and upload the signed Afaria application.
The Afaria application is silently installed on the Windows Phone device, when the device enrolls in Afaria
management.
1.6
Deploying Windows Phone Enterprise Applications
Deploy Windows Phone enterprise applications by deploying the application policy. Launch Afaria application on
the device, browse the application list and install the enterprise applications.
Before accessing the apps, ensure that the application enrollment token (AET) for the enterprise is available on
the device.
Windows Phone Enterprise Client Signing
Signing Afaria Enterprise Client for Windows Phone Devices
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
7
Note
Please note that the enterprise apps must also be signed by the same code-signing certificate used to generate
the AET.
1.
On the Policy page, link the Windows Phone Enterprise application policy to a group.
2.
On the Group page, connect the group's devices to apply policies.
3.
Enroll the devices in Afaria management.
4.
Launch the Afaria application on the device, and browse the list of applications on the Apps page.
The device displays the list of applications from the Package Server. If you use the optional category attribute,
applications are grouped by category.
5.
8
On the device, click Install to install an app.
Afaria connects to the Package Server, downloads the application, and initiates the installation.
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
Windows Phone Enterprise Client Signing
Signing Afaria Enterprise Client for Windows Phone Devices
2
Important Disclaimers on Legal Aspects
This document is for informational purposes only. Its content is subject to change without notice, and SAP does
not warrant that it is error-free. SAP MAKES NO WARRANTIES, EXPRESS OR IMPLIED, OR OF
MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
Coding Samples
Any software coding and/or code lines / strings ("Code") included in this documentation are only examples and
are not intended to be used in a productive system environment. The Code is only intended to better explain and
visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness
of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code,
unless damages were caused by SAP intentionally or by SAP's gross negligence.
Accessibility
The information contained in the SAP documentation represents SAP's current view of accessibility criteria as of
the date of publication; it is in no way intended to be a binding guideline on how to ensure accessibility of software
products. SAP specifically disclaims any liability with respect to this document and no contractual obligations or
commitments are formed either directly or indirectly by this document.
Gender-Neutral Language
As far as possible, SAP documentation is gender neutral. Depending on the context, the reader is addressed
directly with "you", or a gender-neutral noun (such as "sales person" or "working days") is used. If when referring
to members of both sexes, however, the third-person singular cannot be avoided or a gender-neutral noun does
not exist, SAP reserves the right to use the masculine form of the noun and pronoun. This is to ensure that the
documentation remains comprehensible.
Internet Hyperlinks
The SAP documentation may contain hyperlinks to the Internet. These hyperlinks are intended to serve as a hint
about where to find related information. SAP does not warrant the availability and correctness of this related
information or the ability of this information to serve a particular purpose. SAP shall not be liable for any damages
caused by the use of related information unless damages have been caused by SAP's gross negligence or willful
misconduct. Regarding link classification, see: http://help.sap.com/disclaimer
Windows Phone Enterprise Client Signing
Important Disclaimers on Legal Aspects
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
9
www.sap.com/contactsap
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any
form or for any purpose without the express permission of SAP AG.
The information contained herein may be changed without prior
notice.
Some software products marketed by SAP AG and its distributors
contain proprietary software components of other software
vendors. National product specifications may vary.
These materials are provided by SAP AG and its affiliated
companies ("SAP Group") for informational purposes only, without
representation or warranty of any kind, and SAP Group shall not be
liable for errors or omissions with respect to the materials. The only
warranties for SAP Group products and services are those that are
set forth in the express warranty statements accompanying such
products and services, if any. Nothing herein should be construed as
constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well
as their respective logos are trademarks or registered trademarks
of SAP AG in Germany and other countries.
Please see http://www.sap.com/corporate-en/legal/copyright/
index.epx for additional trademark information and notices.

Download Report