This page describes how to deploy Reflex on a number of Android devices using an MDM tool like Microsoft Intune, Soti, etc.
Deployment via Google Playstore and managed configurations
This method is the simplest and most secure, but it requires Google.
Prerequisites
The Reflex Android application supports the "managed configuration" feature provided by Android Enterprise.
It only works for terminals running Android 6 or later.
Your MDM tool will therefore need to be able to deploy “managed applications” in accordance with Android Enterprise rules.
Configuration
Each tool is different, however, here we will look at a configuration defined in Microsoft Intune.
- Open Microsoft Intune.
- Search for the Reflex Web application in the Google Play Store, which can be accessed from the MDM tool: https://play.google.com/store/apps/details?id=hardis.com.wagonandroid&hl=en
- Make the application available.
- In the application properties, assign the application to the relevant users or terminals.
- Return to the main menu and select "App configuration policies".
- Create a "managed devices" policy and assign it to the Reflex Web application.
You then need to input the parameters exposed by Reflex Web.
Depending on your MDM tool's capabilities, you can choose between two configuration methods:
Reflex Web parameters
Assisted configuration
Microsoft Intune provides a "Designer" configuration but unfortunately it does not support the "bundleArray" parameter lists exposed by Reflex Web. You will therefore need to use a json file for the configuration.
You will find the description of the parameters further down on this page.
Configuration via json file
The json file consists of lists of keys to which a value must be assigned.
Extract from the json file:
{
"kind": "androidenterprise#managedConfiguration",
"productId": "app:hardis.com.wagonandroid_beta",
"managedProperty": [
{ "key": "configurations",
"valueBundleArray": [
{ "managedProperty": [
{ "key": "pref_name", "valueString": "Test" },
{ "key": "pref_icon", "valueString": "favicon.ico" },
{ "key": "pref_cat_connection",
"valueBundle": {
"managedProperty": [
{ "key": "pref_url", "valueString": " https://10.209.5.47:443/reflex " },
{ "key": "pref_environment", "valueString": "formation" },
{ "key": "pref_application_profile", "valueString": "RFXPGM=HEPWAG&RFXFOR=01" },
{ "key": "pref_url_parameters", "valueString": "" },
{ "key": "pref_desktop", "valueString": "android" },
{ "key": "pref_keep_alive", "valueInteger": 10 }
]
...
You can define several configurations (parameter groups) to enable access to your test environment or production environment, for example, by duplicating the data block, as shown below.
Example of a json file with two parameter groups:
{
"kind": "androidenterprise#managedConfiguration",
"productId": "app:hardis.com.wagonandroid_beta",
"managedProperty": [
{ "key": "configurations",
"valueBundleArray": [
{ "managedProperty": [
{ "key": "pref_name", "valueString": "Test" },
...
]
},
{ "managedProperty": [
{ "key": "pref_name", "valueString": "Production" },
...
Warnings
It is up to the MDM tool to push updates from the Reflex Android application to the terminals.
The parameters set by the MDM tool can no longer be modified by the user. If you want users to be able to decide this, the MDM tool should not populate the parameter.
Parameters modified by the MDM tool will be taken into account when the Reflex Android application is started.
Desktop shortcuts that enable users to access each Reflex environment directly cannot be deployed automatically. These will need to be created by the user manually using the environment menu in Reflex Apk.
The Reflex Apk variant that can be downloaded from Google Play Store has the following restrictions:
- Auto-updating from the Reflex server is not permitted.
- Accessing the file system is not permitted. It is therefore not possible to inject parameters via files.
Deployment via files
Obtaining Reflex Web Android
Download the .apk file of the latest version from the following URL: https://nexus.hardis-group.com/#browse/browse:adelia-isv:hardis%2Fcom%2Fwagonandroid%2Freflexweb-legacy
This is the Legacy variant, which is the only one that can access configuration files.
Mono-environment configuration
Use this when you would like to force the configuration so that the terminal only accesses one Reflex environment, such as production:
Copy the REFLEX_HOME/conf/android*.properties file from your Reflex server to /Hardis/Reflex/Conf/reflexWeb.properties on the terminal.
Then edit the reflexWeb.properties file by adding the following lines to the start of the file:
url=connection-url/reflex
config_key=key_name
The connection_url is made up of the connection mode (http or https), followed by the name of the server or load balancer, and finally the port number, if needed.
values_of_url_parameters contains the value of the "url_parameters variable" found at the start of the .properties file you just created.
config_key corresponds to the value found on the reflex/updater page (URL in the installation report) or in the conf/storeConfig.properties file.
Click here to download an example of file to put in /Hardis/Reflex/Conf/.
Multi-environment configuration
Use this when you would like to authorise the terminal to access multiple Reflex environments, such as production and test:
Create the /sdcard/Hardis/Reflex/Conf/configurations.xml file (external storage). This file contains the list of configurations.
Example of the content in this file:
<?xml version="1.0" encoding="UTF-8"?>
<configurations>
<configuration><name>Tests</name>
<url>http://<web server name>:port /reflex?RFXENV=<environment_name>&RFXPGM=HEPWAG&RFXFOR=01</url>
<key>1_Portrait</key>
<icon>favicon.ico</icon>
</configuration>
</configurations>
A configuration will need to be created for:
each Reflex environment,
each terminal orientation (portrait/landscape),
each application resolution (320x240, 640x480, 800x600).
Loading the configuration parameters
Once it finds the configuration URL, the application connects to the Reflex server and searches for the parameters to be downloaded. For example, it
searches for the Key field (value of "1_Portrait" in our example above) in the REFLEX_HOME/conf/storeConfig.properties file.:Example of a storeConfig.properties file:
hardis.com.wagonandroid=[URL]url/androidApk;[URL]url/androidEmulatorConfigMobilePortrait
hardis.com.wagonandroid\:1_Portrait=[URL]url/androidApk;[URL]url/androidEmulatorConfigMobilePortrait
hardis.com.wagonandroid\:2_Landscape=[URL]url/androidApk;[URL]url/androidEmulatorConfigMobileLandscape
The REFLEX_HOME/conf/androidEmulatorConfigMobilePortrait.propertiesserver file is then downloaded.
This is a commented file containing explanations of the possible parameter values.
Taking updates into account
Updating Reflex Apk
If the disable_auto_update parameter is set to "false", when Reflex Apk starts for the first time each day, it automatically checks for a more recent update or for changes to the parameters file on the Reflex server.
It is possible to manually request an update using the Update menu in Reflex Apk.
Updating parameters
Parameters are managed as follows:
Parameters can be modified by the user from the Reflex Apk parameters menu and are taken into account immediately. If they are populated in the file, they will be overwritten by the parameter values in the file the next time it is read.
Description of parameters
Configurations
Configurations table. A configuration is a set of parameters corresponding to a Reflex environment (e.g.: a test or production environment).
Description | Key (type) The Pref_ prefix is only present in the json format. | Mandatory? | Purpose and possible values | ||||||||||||||
Title | Pref_name (string) | yes | Name of the parameter group, possible value: "Test" | ||||||||||||||
Icon | Pref_icon (string) | Shortcut icon file, recommended value: "favicon.ico" | |||||||||||||||
Connection parameters | |||||||||||||||||
Application URL | Pref_url (string) | yes | Root URL for the Reflex server. Possible value "http://10.209.5.46:8080/reflex" /reflex must be included as the suffix. | ||||||||||||||
Name of the environment | Pref_environment (string) | yes | Reflex environment name; possible value: "Test" | ||||||||||||||
Application | Pref_application_profile (string) | yes | If you opted for assisted configuration, you will just need to select the designation from the drop-down list. If you are using the json file for the configuration, you will need to assign the corresponding value to the parameter.
| ||||||||||||||
URL parameters | Pref_url_parameters (string) | Additional parameters to be added to the URL. Freely input value. | |||||||||||||||
Desktop | Pref_Desktop (string) | Recommended value: "android" | |||||||||||||||
Connection time | Pref_Keep_alive (integer) | Time in seconds (between 5 and 60) after which a ping is sent in order to prevent disconnection from the network. Recommended value =30 | |||||||||||||||
| Security parameters | |||||||||||||||||
Using the system's browser for user authentication | Pref_Use_external_browser_auth (boolean) | If this option is selected, user authentication (JEE, OpenID) will be based on the system's browser. Recommended value: true | |||||||||||||||
The server name is not verified. | Pref_Ssl_allow_all_hosts (boolean) | If this option is selected, the server name will not be verified during the SSL connection. | |||||||||||||||
Private SSL certificate | Pref_Private_ssl_certificate (string) | Environment certificate in Base64 “cer" or "pem" format over a single line. Only in the file in json format. | |||||||||||||||
Display parameters | |||||||||||||||||
Orientation | Pref_Display_orientation (integer) | yes | Recommended value: 1 Possible values: 1: Based on terminal screen 2: Based on screen rotation 3: Portrait 4: Landscape 5: Reverse portrait 6: Reverse landscape | ||||||||||||||
Emulated screen resolution | Pref_Resolution (string) | yes | Possible values: -1 -1 : Based on terminal screen 320,240: Emulation 320 x 240 (QVGA) 640,480: Emulation 640 x 480 (VGA) 800,600: Emulation 800 x 600 (SVGA) | ||||||||||||||
Full screen | Pref_Full_screen (boolean) | Execution in full screen mode. Expands the application so that it displays on top of the Android tool bar. Recommended value: false | |||||||||||||||
Ide the toolbar | Pref_Hide_action_bar (boolean) | Hides the Reflex tool bar. To display it again, swipe the screen. Recommended value: true | |||||||||||||||
Message fonts | Pref_Message_font (integer) | Font size of characters in error messages. Recommended value =8 | |||||||||||||||
Prevents sleep mode. | Pref_Keep_screen_on (integer) | Recommended value =0 0: Deactivated, sleep mode is managed by the system's parameters. < 0: The terminal never goes into sleep mode. >0: Sets the period of inactivity in seconds after which the terminal will switch to sleep mode. | |||||||||||||||
Miscellaneous parameters | |||||||||||||||||
Enables notification of incoming intents | Pref_Enable_Notification | Value: true/false. | |||||||||||||||
Deactivating keyboard focus | Pref_Disable_keyboard_focus (boolean) | If this option is selected, the Android keyboard will not display automatically when a field is activated. Recommended value =false | |||||||||||||||
Activating automatic focus | Pref_Enable_auto_focus (boolean) | Activates automatic focus management during confirmation of an input field. Recommended value =false | |||||||||||||||
Shaking to refresh | Pref_Shake_to_reload (integer) | Sensitivity level of the shake sensor. 0: deactivated 3: Very sensitive 10: Normal 25: Not very sensitive Recommended value: 0 | |||||||||||||||
Number of shakes | Pref_Num_of_shakes (integer) | Recommended value: 0 | |||||||||||||||
Display error details | Pref_Error_detail (boolean) | Recommended value: true | |||||||||||||||
Activating NFC support | Pref_Enable_nfc (boolean) | ||||||||||||||||
Activating Zxing support | Pref_Enable_zxing (boolean) | Activates the camera for bar code scanning Recommended value: false | |||||||||||||||
Logging parameters | |||||||||||||||||
Activating the log | Pref_Enable_logging (boolean) | Activates logging Recommended value: false | |||||||||||||||
Detail level | Pref_Log_level (string) | Log level Possible values: ERROR, WARN, INFO, DEBUG, TRACE. Recommended value: ERROR | |||||||||||||||
Transfer protocol | Pref_Log_upload_protocol (string) | Possible values: FTP, AWS | |||||||||||||||
Server URL | Pref_Log_upload_server (string) | Server URL Example: ftp://xxx or http :xxx | |||||||||||||||
Profile | Pref_Log_upload_login (string) | ||||||||||||||||
Password | Pref_Log_upload_password (string) | ||||||||||||||||
Backup directory | Pref_Log_upload_directory (string) | Directory on the server where the log files will be saved. AWS bucket FTP directory | |||||||||||||||
| Permissions on menus parameters | |||||||||||||||||
Environments | Pref_enable_environment_menu (boolean) | Makes the environments menu visible Recommended value: true | |||||||||||||||
Private_ssl_certificate
Description | Json key (type) | Mandatory? | Purpose and possible values |
Private SSL certificate | Private_ssl_certificate (string) | Certificate in Base64 "cer" or "pem" format over a single line. You can configure this value here once, so that it is used globally for all configurations. Only in the file in json format. |
Configurations with certificates
Https specification - Auto-signed certificate or company certificate
It is possible to automate the import of auto-signed certificates in the Reflex application on the Android terminal. This does not apply to paid certificates as they already take this process into account.
Creating the keystore
The Keystore can only be created on a Reflex server that has a web role (Java is required).
Create the "keystore" using the following command (cmd or Linux):
keytool -importcert -v -trustcacerts ?file certificatename -alias certificatealias -keystore storename -provider
org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprovjar -storetype BKS -storepass storepass -noprompt
certificatename: Name of the certificate file (with path if needed)
certificatealias: Alias to be assigned to this certificate.
storename: Name of the keystore file to be generated/modified.
bcprovjar: Path to the "bcprov" jar file (provided in Reflex for the web and processing roles. It is located in the $REFLEX_HOME/product/java/reflexcloud/WEB-INF/lib/ folder and its name starts with bcprov-jdk.
For example: /hardis/reflex/product/java/reflexcloud/WEB-INF/lib/bcprov-jdk15on-1.60.jar)
storepass: Keystore password
Modifying the reflexWeb.properties file
The following lines must be added to the reflexWeb.properties file:
# created truststore
ssl_trust_store=MYSRVTRUSTSTORE.BKS
# Password to access to local truststore (default changeit)
ssl_trust_store_password=STOREPASS_NAME
ssl_trust_store corresponds to the name of the "keystore" that you have already created or will create after this step.
ssl_trust_store_password corresponds to the "storepass" password that you have already created or will create after this step.
Then copy the reflexWeb.properties file and the keystore to the following folder on the terminal: /Hardis/Reflex/Conf/
Also add the following three lines to the start of the file:
ssl_private_store=true
ssl_allow_all_hosts=true
disable_auto_update=false
ssl_private_store: If this option is checked, secure (SSL) connections will use the application’s certificates instead of the system's certificates (True: Auto-signed; False: Paid).
ssl_allow_all_hosts: If this option is selected, the server name will not be verified during SSL(True: Auto-signed; False: Paid).
disable_auto_update: Deactivates automatic updates and configuration.
It should be set to "False" if you want Reflex to perform the update