There is no strict minimum OS or APK version required for devices to support provisioning to Portal3. However, devices running outdated versions of iCanvasplayer (pre-3.2, released December 2019) cannot connect to the VLE3 backend because they do not feature the signed header authentication (RSA key pair). |
Symptoms
When provisioning a device that is running an outdated APK:
The device successfully connects to the internet.
The device fails to connect to the backend (XMPP).
Background
-
Signed Header Authentication (RSA key pair)
Introduced in iCanvasplayer 3.2 (December 2019).
Required for all devices connecting to VLE3.
All devices manufactured since 2020 ship with this version or newer. Any device manufactured prior to 2020 is embedded with an earlier version.
-
VLE2 vs. VLE3 Authentication
VLE2: Supported a fallback mechanism that allowed devices without RSA support to authenticate using the older client ID + client secret method.
VLE3: No fallback mechanism exists, in order to avoid reintroducing security risks and technical debt.
Resolutions
Identify which case applies to your device, then follow the troubleshooting steps below.
Case 1: Device running outdated APK (pre-2019)
This is the case if:
The device was manufactured prior to 2019 and has never been powered on.
The device will connect to the internet but fail backend connection.
How to troubleshoot:
This device can still receive an APK update from Triage services. Begin the provisioning process to connect the device to the internet. The update will be pushed automatically once internet connectivity is established. Once updated, the device will generate an RSA key pair and connects to the backend automatically.
Case 2: RSA key mismatch after rollback
This is the case if:
The device was previously provisioned with an existing profile in Portal3.
A factory reset was initiated on the device, causing as OS rollback to original manufacturer settings.
During reprovisioning, the device will connect to the internet but fail backend connection.
How to troubleshoot:
Delete the device profile from Portal3. For guidance, see Deleting a Device Profile.
Reprovision the device using the Videri Mobile App.
Once reprovisioned, the device will regenerate RSA keys and establish a secure connection.
Best Practices When Using Older Devices
Avoid performing OS-level factory resets (reset + power plug) unless absolutely necessary.
Always allow Triage services to push critical APK updates automatically by establishing a frequent maintenance window. For more information, see Defining a Maintenance Schedule for a Device.
If provisioning issues persist after an OS rollback, reset the device and re-provision after deleting its Portal profile.
Comments
0 comments
Article is closed for comments.