Can you help me with this question ?
Whether Content Filter Providers will be working only in Enterprise / Development Versions.
And it wont be working in AppStore / TestFlight Versions?
Can any one confirm this behaviour?
Post
Replies
Boosts
Views
Activity
#FB10039162
Raised to Apple Feedback.
I cant able to upload the sysdiagnose logs here. But i have it in Apple feedback
Raised a feedback in Feedback Assistant portal. FB11292074. Kindly help us on this issue.
Feedback ID: FB11467644
Feedback ID: FB11467655
Feedback raised: FB11736735
The step-ca demo server I was using didn't issue a Client Certificate if the Attest is set to false. Below ACME payload is verified to be working in iOS.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>70e4b45e3c1e</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>NewComp</string>
<key>PayloadIdentifier</key>
<string>4565353a3a84</string>
<key>PayloadDisplayName</key>
<string>ACME</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>f84ef110e39b</string>
<key>PayloadType</key>
<string>com.apple.security.acme</string>
<key>PayloadOrganization</key>
<string>NewComp</string>
<key>PayloadIdentifier</key>
<string>f84ef110e39b</string>
<key>PayloadDisplayName</key>
<string>ACME Configuration</string>
<key>DirectoryURL</key>
<string>https://acmeserver/acme/acme/directory</string>
<key>ClientIdentifier</key>
<string>test</string>
<key>HardwareBound</key>
<true/>
<key>KeyType</key>
<string>ECSECPrimeRandom</string>
<key>KeySize</key>
<integer>384</integer>
<key>Subject</key>
<array>
<array>
<array>
<string>1.2.840.113549.1.9.1</string>
<string>test@test.com</string>
</array>
</array>
</array>
<key>SubjectAltName</key>
<dict>
</dict>
<key>KeyUsage</key>
<integer>5</integer>
<key>Attest</key>
<true/>
</dict>
</array>
</dict>
</plist>
@Achipl Please see my answer below. Apologies for the delay. Didn't log in for a long time.
@maraino Yes, we would be happy to collaborate on this.
To summarize, the ACME profile only works
i) if the device attestation is set to True.
ii) if there's no Common Name present in the Subject of the CSR. We get this below error if we provide a CN.
CSR names do not match identifiers exactly: CSR names = [test], Order names = []
We would like to understand how the "Client Identifier" will fit into this picture. Apologies for not getting back immediately. Thanks in advance.
We have also raised this issue in Feedback Assistant FB11774058 (iOS Vpp App Store App is not updating)
Sorry have attached Wrong link for Roster API.Please Refer to the Link for Roster API below.
But in Roster API it has mentioned that it doesn't supports for ABM. Can you give a clarity on this.
Roster API
Request:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>ca4fc908-8f2a-4dc9-94c4-3f2dd78964e5</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>MDM</string>
<key>PayloadIdentifier</key>
<string>com.mdm.20b7610d-0214-4ef1-b1a4-4d9b9b8335e4.iOSPlugin</string>
<key>PayloadDisplayName</key>
<string>iOS Plugin</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadUUID</key>
<string>f94706af-ba40-4fe1-9f7f-d64b3a839645</string>
<key>PayloadType</key>
<string>com.apple.webcontent-filter</string>
<key>PayloadOrganization</key>
<string>MDM</string>
<key>PayloadIdentifier</key>
<string>f94706af-ba40-4fe1-9f7f-d64b3a839645</string>
<key>PayloadDisplayName</key>
<string>Web Content Filter Policy</string>
<key>FilterType</key>
<string>Plugin</string>
<key>Password</key>
<string></string>
<key>UserDefinedName</key>
<string>MEMDM Filter</string>
<key>ServerAddress</key>
<string></string>
<key>PluginBundleID</key>
<string>com.manageengine.mdm.ios</string>
<key>FilterSockets</key>
<true/>
<key>FilterBrowsers</key>
<true/>
</dict>
</array>
</dict>
</plist>
Response:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>InstallProfile;Collection=78</string>
<key>ErrorChain</key>
<array>
<dict>
<key>ErrorCode</key>
<integer>4001</integer>
<key>ErrorDomain</key>
<string>MCInstallationErrorDomain</string>
<key>LocalizedDescription</key>
<string>Profile Installation Failed</string>
<key>USEnglishDescription</key>
<string>Profile Installation Failed</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>4001</integer>
<key>ErrorDomain</key>
<string>MCInstallationErrorDomain</string>
<key>LocalizedDescription</key>
<string>Profile Failed to Install</string>
<key>USEnglishDescription</key>
<string>Profile Failed to Install</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>1009</integer>
<key>ErrorDomain</key>
<string>MCProfileErrorDomain</string>
<key>LocalizedDescription</key>
<string>The profile “iOS Plugin†could not be installed.</string>
<key>USEnglishDescription</key>
<string>The profile “iOS Plugin†could not be installed.</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>40000</integer>
<key>ErrorDomain</key>
<string>MCWebContentFilterErrorDomain</string>
<key>LocalizedDescription</key>
<string>The Content Filter service encountered an internal error.</string>
<key>USEnglishDescription</key>
<string>The Content Filter service encountered an internal error.</string>
</dict>
<dict>
<key>ErrorCode</key>
<integer>10</integer>
<key>ErrorDomain</key>
<string>NEConfigurationErrorDomain</string>
<key>LocalizedDescription</key>
<string>permission denied</string>
</dict>
</array>
<key>Status</key>
<string>Error</string>
<key>UDID</key>
<string>5d6e2789ce3bf01bbe83776b9735b7176ec550e3</string>
</dict>
</plist>
I have also got an issue regard this . I cant able to apply two plugin webcontent filters of different bundle identifiers to the same device.
I have also tried with apple configurator steps too.
I have attached the logs received from the device on the request of InstallProfile. Can you help on this?
This behavior is the same in iPhone also. We have posted a feedback in Feedback Assistant portal - FB12183156. Kindly help us with this case.
Same Issue still .Have anyone found any solution for this
Seems the issue is not happening with iOS 17.1 OS .