@pradeepfromsymc
Using SFAuthorizationPluginView also helps me display the UX and invoke my app
I have written an authorization plugin using SFAuthorizationPluginView and it does get invoked at the lock screen but it doesn't display the UI at all. I get an alert box saying "You must enter your password to continue" with OK and Cancel buttons.
If I just set the rule (method below) to "authenticate-session-owner-or-admin" in system.login.screensaver, without adding the mechanism of my Authorization Plugin in 'authenticate', then I get editable username and password fields and I can log in with native macOS credentials.
@eskimo
```
use-login-window-ui
```
If you remove that then you fall back to a legacy code path that is compatible with third-party authorisation plug-ins
I've tried to invoke my Authorization Plugin at the lock screen by doing this. But it displays only a black screen if I write my mechanism in the "authenticate" entry of the authdb. It displays username and password fields (NOT a feature of my auth plugin) if the "authenticate" entry of the authdb is not changed.
I've tried this:
```shell
sudo security authorizationdb write system.login.screensaver < myfile.plist
```
The file is:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allow-root</key>
    <false/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>rule</string>
    <key>comment</key>
    <string>The owner or any administrator can unlock the screensaver, set rule to "authenticate-session-owner-or-admin" to enable SecurityAgent.</string>
    <key>created</key>
    <real>619370235.93105304</real>
    <key>modified</key>
    <real>619370235.93105304</real>
    <key>rule</key>
    <array>
        <string>authenticate-session-owner-or-admin</string>
    </array>
    <key>session-owner</key>
    <true/>
    <key>version</key>
    <integer>1</integer>
</dict>
</plist>
```
I've used this file also:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allow-root</key>
    <false/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>created</key>
    <real>592759977.27845001</real>
    <key>group</key>
    <string>admin</string>
    <key>mechanisms</key>
    <array>
        <string>CustomAuthorizationPlugin:invoke</string>
        <string>builtin:authenticate,privileged</string>
        <string>builtin:auto-login,privileged</string>
        <string>builtin:forward-login,privileged</string>
        <string>PKINITMechanism:auth,privileged</string>
    </array>
    <key>rule</key>
    <array>
        <string>authenticate-session-owner-or-admin</string>
    </array>
    <key>modified</key>
    <real>601410763.90900505</real>
    <key>session-owner</key>
    <true/>
    <key>shared</key>
    <false/>
    <key>timeout</key>
    <integer>2147483647</integer>
    <key>tries</key>
    <integer>10000</integer>
    <key>modified</key>
    <real>498674468.80855602</real>
    <key>version</key>
    <integer>0</integer>
</dict>
</plist>
```
I've changed the authenticate entry of the authDB using:
```shell
sudo security authorizationdb write authenticate < myfile.plist
```
My file for it is:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allow-root</key>
    <false/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>created</key>
    <real>619370235.93105304</real>
    <key>group</key>
    <string>admin</string>
    <key>mechanisms</key>
    <array>
        <string>CustomAuthorizationPlugin:invoke</string>
        <string>builtin:forward-login,privileged</string>
        <string>builtin:auto-login,privileged</string>
        <string>builtin:authenticate,privileged</string>
        <string>PKINITMechanism:auth,privileged</string>
    </array>
    <key>modified</key>
    <real>619370235.93105304</real>
    <key>session-owner</key>
    <true/>
    <key>shared</key>
    <false/>
    <key>timeout</key>
    <integer>2147483647</integer>
    <key>tries</key>
    <integer>10000</integer>
    <key>version</key>
    <integer>0</integer>
</dict>
</plist>
```
I've even tried this:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allow-root</key>
    <false/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>created</key>
    <real>619370235.93105304</real>
    <key>group</key>
    <string>admin</string>
    <key>mechanisms</key>
    <array>
        <string>CustomAuthorizationPlugin:invoke</string>
    </array>
    <key>modified</key>
    <real>619370235.93105304</real>
    <key>session-owner</key>
    <true/>
    <key>shared</key>
    <false/>
    <key>timeout</key>
    <integer>2147483647</integer>
    <key>tries</key>
    <integer>10000</integer>
    <key>version</key>
    <integer>0</integer>
</dict>
</plist>
```
__
```swift
let domain = "hotmail.com"
let temp = "1_1"
let mail = "rehan\(temp)@\(domain)"
```
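An added example, not part of the original posts: a small Python linter for authorizationdb rule plists like the ones shown in the thread, meant to be run on a file before `security authorizationdb write`. It reports duplicate keys, keys that do not match the rule's `class`, and third-party mechanisms in the chain. The class-to-key table is an assumption based on the comments in Apple's stock authorization.plist, the sample is constructed from the second plist in the thread, and `lint_rule` and `parse_mechanism` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Assumption: which keys go with which rule class, following the comments in
# Apple's stock authorization.plist; adjust if your macOS version differs.
CLASS_ONLY_KEYS = {"mechanisms": "evaluate-mechanisms", "rule": "rule"}

# Constructed sample, modelled on the second plist posted in the thread.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>class</key><string>user</string>
<key>mechanisms</key><array>
<string>CustomAuthorizationPlugin:invoke</string>
<string>builtin:authenticate,privileged</string>
</array>
<key>rule</key><array><string>authenticate-session-owner-or-admin</string></array>
<key>modified</key><real>601410763.9</real>
<key>modified</key><real>498674468.8</real>
</dict></plist>"""

def parse_mechanism(text):
    """Split 'plugin:mechanism[,privileged]' into its three parts."""
    name, _, flag = text.strip().partition(",")
    plugin, _, mech = name.partition(":")
    return plugin, mech, flag == "privileged"

def lint_rule(xml_text):
    """Return a list of findings for one rule plist in XML form."""
    children = list(ET.fromstring(xml_text).find("dict"))
    findings, seen, values = [], set(), {}
    # A plist <dict> is a flat run of <key>, value, <key>, value ...
    for key_el, val_el in zip(children[0::2], children[1::2]):
        key = key_el.text
        if key in seen:
            findings.append(f"duplicate key '{key}'")
        seen.add(key)
        values[key] = val_el
    rule_class = values["class"].text if "class" in values else None
    for key, wanted in CLASS_ONLY_KEYS.items():
        if key in values and rule_class != wanted:
            findings.append(f"'{key}' expects class '{wanted}', rule is class '{rule_class}'")
    mechs = values.get("mechanisms")
    for item in (mechs if mechs is not None else []):
        plugin, mech, priv = parse_mechanism(item.text)
        if plugin != "builtin":
            findings.append(f"third-party mechanism {plugin}:{mech} (privileged={priv})")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_rule(SAMPLE)))
```

Python's `plistlib` keeps only the last value of a repeated key without any error, which is why the dict is walked with ElementTree here.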