davelebbing
commented
1 month ago @dstranathan please show all config settings used for this scenario or attach a mobileconfig.
Open dstranathan opened 1 month ago
davelebbing
commented
1 month ago @dstranathan please show all config settings used for this scenario or attach a mobileconfig.
dstranathan
commented
1 month ago Jamf MDM profile XCreds 5 7130
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>discoveryURL</key>
<string>https://login.microsoftonline.com/common/.well-known/openid-configuration</string>
<key>ADDomain</key>
<string>redacted</string>
<key>CreateAdminUser</key>
<true/>
<key>clientID</key>
<string>redacted</string>
<key>redirectURI</key>
<string>xcreds://auth/</string>
<key>map_firstname</key>
<string>given_name</string>
<key>map_lastname</key>
<string>family_name</string>
<key>map_fullname</key>
<string>name</string>
<key>map_username</key>
<string>samAccountName</string>
<key>aliasName</key>
<string>upn</string>
<key>shouldUseROPGForLoginWindowLogin</key>
<false/>
<key>shouldUseROPGForMenuLogin</key>
<false/>
<key>shouldUseROPGForPasswordChangeChecking</key>
<false/>
<key>KeychainReset</key>
<true/>
<key>PasswordOverwriteSilent</key>
<true/>
<key>HomeAppendDomain</key>
<false/>
<key>autoRefreshLoginTimer</key>
<integer>600</integer>
<key>cloudLoginText</key>
<string>Org Cloud Login</string>
<key>loadPageInfo</key>
<string>(make sure you are connected to a network)</string>
<key>loadPageTitle</key>
<string>Please Wait...</string>
<key>loginWindowBackgroundImageURL</key>
<string>https://foo-extpubcontent.blob.core.windows.net/wwwpub/ITOPS/xcreds/simr_xcreds_loginwindow_00.png</string>
<key>loginWindowHeight</key>
<integer>500</integer>
<key>loginWindowWidth</key>
<integer>500</integer>
<key>shouldLoginWindowBackgroundImageFillScreen</key>
<true/>
<key>passwordChangeURL</key>
<string>https://mysignins.microsoft.com/security-info/password/change</string>
<key>shouldShowSignInMenuItem</key>
<true/>
<key>shouldShowVersionInfo</key>
<false/>
<key>shouldShowSystemInfoButton</key>
<true/>
<key>systemInfoButtonTitle</key>
<string> System Info</string>
<key>menuItems</key>
<array>
<dict>
<key>linkOrAppPath</key>
<string>/System/Applications/Utilities/Keychain Access.app</string>
<key>menuItemName</key>
<string>Keychain Access...</string>
<key>separatorAfter</key>
<false/>
<key>separatorBefore</key>
<true/>
</dict>
<dict>
<key>linkOrAppPath</key>
<string>/System/Library/CoreServices/Applications/Ticket Viewer.app</string>
<key>menuItemName</key>
<string>Ticket Viewer...</string>
<key>separatorAfter</key>
<false/>
<key>separatorBefore</key>
<false/>
</dict>
<dict>
<key>linkOrAppPath</key>
<string>/Applications/Software Center.app</string>
<key>menuItemName</key>
<string>Software Center...</string>
<key>separatorAfter</key>
<false/>
<key>separatorBefore</key>
<false/>
</dict>
<dict>
<key>linkOrAppPath</key>
<string>https://foo.service-now.com/sp</string>
<key>menuItemName</key>
<string>ServiceNow...</string>
<key>separatorAfter</key>
<false/>
<key>separatorBefore</key>
<true/>
</dict>
</array>
<key>refreshRateHours</key>
<integer>0</integer>
<key>refreshRateMinutes</key>
<integer>15</integer>
<key>shareMenuItemName</key>
<string>Network Drives</string>
<key>shouldAllowKeyComboForMacLoginWindow</key>
<true/>
<key>shouldDetectNetworkToDetermineLoginWindow</key>
<true/>
<key>shouldPreferLocalLoginInsteadOfCloudLogin</key>
<false/>
<key>shouldPromptForADPasswordChange</key>
<true/>
<key>shouldPromptForMigration</key>
<false/>
<key>shouldShowAboutMenu</key>
<true/>
<key>shouldShowCloudLoginByDefault</key>
<true/>
<key>shouldShowConfigureWifiButton</key>
<false/>
<key>shouldShowLocalOnlyCheckbox</key>
<true/>
<key>shouldShowPreferencesOnStart</key>
<false/>
<key>shouldShowQuitMenu</key>
<true/>
<key>shouldShowRefreshBanner</key>
<true/>
<key>resetPasswordDialogTitle</key>
<string>Sign in to sync your Mac password with Org</string>
<key>refreshBannerText</key>
<string>Sign in to sync your Org password with your Mac</string>
<key>shouldShowMacLoginButton</key>
<true/>
<key>shouldShowSupportStatus</key>
<true/>
<key>shouldSwitchToLoginWindowWhenLocked</key>
<false/>
<key>showDebug</key>
<true/>
<key>usernamePlaceholder</key>
<string>Username</string>
<key>passwordPlaceholder</key>
<string>Password</string>
<key>verifyPassword</key>
<true/>
<key>localFallback</key>
<true/>
<key>HomeMountEnabled</key>
<false/>
<key>SlowMount</key>
<true/>
<key>SlowMountDelay</key>
<integer>2000</integer>
</dict>
</plist>Holding to confirm plans to demo with @dstranathan
dstranathan
commented
1 month ago Will confirm I am seeing it on 7147. This can be problematic because you usually cant see the MFA random numbers behind the wonky overlay and thus cant complete a password change because its obscured.
I'll book a meeting soon to demo this. Thanks
dstranathan
commented
3 weeks ago Im hoping to follow-up soon in Zoom meeting to show you this issue in a live demo. Apologies for delays.
-Logged into Mac with XCReds 5 7130 using Azure creds (while on my AD domain). -User gets tokens etc. -Changed password from XCreds drop-down menu (redirected to my orgs Entra portal). Done. -Eventually Xcreds prompts to update/sync my password. -I am presented with an Xcreds "Password Update" box that renders BOTH an Azure web view and a AD box on top of each other (and all fields can be populated with input).
If I recall, this was an issue back in 4.1?
I have logs from ~/Library/logs/xcreds.log but will need to send them to you via email or Slack for security.
See screenshots