Kerberos SSO

Question

Created Jul ’20

Replies 3

Boosts 0

Participants 1

I need to experiment with the Kerberos SSO and ASAuthorizationSingleSignOnProvider.

Is there a way to do this that doesn't involve setting up a small company with an IT department?

Ideally I'd use Catalina with OS X Server on a Parallels as my server with another Catalina install on Parallels as the client machine with a DDNS.

The OS X Server docs say I need static IPs and registered domain names. So far only my directory administrator shows up in the directory.

I haven't figured out how to do MDM yet.

Pointers appreciated.

Answered by joconnor in 627785022

My problem was that I messed up the SSO policy plist I was sending down from SimpleMDM. Copying the sample plist verbatim but changing the domain/host got it basically working.

Boost

Answer 1

joconnor OP

Jul ’20

I'm enrolling a Parallels VM into SimpleMDM and trying to push down the Single Sign-On configuration to it as a custom configuration. So far I haven't seen the policy come down, though I've pushed down System Update successfully.

0

Answer 2

joconnor OP

Jul ’20

Solved the problem with no users showing up.
Solved the problem with the policy. Thanks to the tech support at SimpleMDM for that.

I'm unfamiliar with what sort of URL to initialize the ASAuthorizationSingleSignOnProvider with, though.
[authProvider canPerformAuthorization] returns false and I'm pretty sure it is because I don't have the policy right yet OR the URL is wrong.

0

Answer 3

joconnor OP

Aug ’20

Accepted Answer

My problem was that I messed up the SSO policy plist I was sending down from SimpleMDM. Copying the sample plist verbatim but changing the domain/host got it basically working.

0