Auto-provisioning

From dmfswiki
Jump to: navigation, search

CalDAV-Sync and CardDAV-Sync support auto-provisioning for painless account setup. This is particular useful if you run a CalDAV/CardDAV server for an organization with many users. Auto-provisioning allows users to set up the account without knowledge of any server details (and without all the typing). Auto-provisioning is still under development. Future releases will allow to set more options automatically up to a degree where almost no additional user-interaction is necessary.

How it works

To use auto-provisioning place a link matching this scheme on your website, in an email, an SMS, or in a QR code (see QR codes):

caldav[s]://[username[:password]@][servename][:port][/path][#options]
or
carddav[s]://[username[:password]@][servename][:port][/path][#options]

When you open this link from your phone's browser the CalDAV-Sync or CardDAV-Sync account setup will be invoked with these settings.

See below for some examples.

The details

Most parts of the link scheme are optional (depending on your server setup). Only the URI scheme and the server name are always mandatory.

caldavs:// or caldav://
prefix for CalDAV accounts using SSL or without SSL
carddavs:// or carddav://
prefix for CardDAV accounts using SSL or without SSL
[username] or [username:password]
(optional) the username and password to use for authentication (note: ":","@" and "/" in username or password have to be url-encoded). Beware: including the password may have serious security implications and is not recommended!
[servername]
the name of your server
[:port]
(optional) The port to connect to, mandatory if you use a non-standard port.
[/path]
(optional) The path to the CalDAV or CardDAV root, the principal home or the calendar/address book home. You can omit this if you use a .well-know redirection or if you don't run your server in a sub-path.
[#options]
(optional) A set of default account options. Multiple options have to be concatenated by an ampersand (&). Currently the following options are supported (more options will follow):
preemptive_auth
(currently CalDAV-Sync only) Enable preemptive authentication by default.
enforce_dtend
(CalDAV-Sync only) Always store a DTEND field in the event file, never use DURATION. This is a workaround for Oracle Convergence servers.

Examples

The following examples will set up accounts for the SOGo demo server

server name only
caldav://sogo-demo.inverse.ca
carddav://sogo-demo.inverse.ca
full path to DAV root
caldav://sogo-demo.inverse.ca/SOGo/dav
carddav://sogo-demo.inverse.ca/SOGo/dav
with username and port
caldav://sogo1@sogo-demo.inverse.ca:80
carddav://sogo1@sogo-demo.inverse.ca:80
with username and password
caldav://sogo1:sogo1@sogo-demo.inverse.ca
carddav://sogo1:sogo1@sogo-demo.inverse.ca
Note: Although it's supported, it's not recommended to use this because it contains your password in plain text and everyone with access to the page can read it!


Encoding example

Special care has to be taken when user names (and passwords) contain special characters that have to be encoded in ULRs. Use the following to sync using SSL (with an alternative SSL-port), preemptive authentication and enforced DTEND. The login in this example is username@example.com (note the encoded "@")

caldavs://username%40example.com@example.com:8443#preemptive_auth&enforce_dtend

QR codes

You can place the auto-provisioning link in a QR code for even more convenient setup (try to scan the image on the right).
this QR code will set up an account for SOGo

With an online QR generator (e.g. http://goqr.me/) you can even create the codes dynamically like in this example: http://api.qrserver.com/v1/create-qr-code/?data=caldav%3A%2F%2Fsogo1%40sogo-demo.inverse.ca&size=255x255

Please note that neither CalDAV-Sync nor CardDAV-Sync provide a QR code scanner, but any available scanner at Google Play should work well.

Thanks to "Rhapsodhy" for the QR code idea!

Use it locally

If you reset your device often you can use auto-provisioning to speed up account setup. Just create a file like below, change the URL in the <meta> tag to your needs and save it on your device.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>CalDAV-Sync auto setup</title>
<meta http-equiv="REFRESH" content="0;caldav://sogo1:sogo1@sogo-demo.inverse.ca/SOGo/dav/" />
</head>
<body>
Open this file to set up a CalDAV-Sync account on your device.
</body>
</html>

Now open the file on your device. You should be presented with the CalDAV-Sync account setup, pre-configured for your account (the code above will create a new account for the SOGo demo server).

To use the same file for CalDAV-Sync and CardDAV-Sync you can use links instead of the redirect:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>CalDAV-Sync and CardDAV-Sync painless account setup</title>
<body>
<p>
<a href="caldav://sogo1:sogo1@sogo-demo.inverse.ca/SOGo/dav/">Set up CalDAV-Sync</a>
</p>
<p>
<a href="carddav://sogo1:sogo1@sogo-demo.inverse.ca/SOGo/dav/">Set up CardDAV-Sync</a>
</p>
</body>
</html>


Note: Be sure to encode special characters in your password properly: " becomes %22 and / becomes %2F