MobileConfig for AppProxy Provider

Hi Team,

We are using NEAppProxyProvider.

For easy deployment using MDM like Intune/Jamf, we are able to find samples of System Extensions mobile configs and use those.

But, there are no sample mobile configs available for AppProxy Provider. Cannot even find one in Apple Configurator.

Answered by DTS Engineer in 779729022

I am not sure if it is visible in comments to reply above.

It’s better to reply as a reply; if you reply in the comments, I’m not notified of that. For this and other hints, see Quinn’s Top Ten DevForums Tips.

The target machine is macOS

Cool. I just happen to have one of those lying around. I’ve pasted the relevant snippets in below.

The weirdest thing in there is the ProviderDesignatedRequirement property. For more background on that, see TN3127 Inside Code Signing: Requirements. That also shows the codesign syntax to dump the DR of a program, which you can run against your provider to get the value you need for the ProviderDesignatedRequirement property.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"


<dict>
    …
    <key>PayloadType</key>
    <string>com.apple.vpn.managed.applayer</string>
    …
    <key>VPNType</key>
    <string>VPN</string>
    <key>VPNSubType</key>
    <string>com.example.apple-samplecode.QNE2AppProxyMac</string>
    <key>UserDefinedName</key>
    <string>QNEAppProxy</string>
    <key>PayloadDescription</key>
    <string>Configures VPN settings</string>
    <key>PayloadDisplayName</key>
    <string>VPN</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>VPNUUID</key>
    <string>53349962-8857-451D-86FD-4904ABAC7392</string>
    <key>VPN</key>
    <dict>
        <key>RemoteAddress</key>
        <string>88.97.8.212</string>
        <key>AuthenticationMethod</key>
        <string>Password</string>
        <key>AuthName</key>
        <string>mrgumby</string>
        <key>AuthPassword</key>
        <string>opendoor</string>
        <key>ProviderBundleIdentifier</key>
        <string>com.example.apple-samplecode.QNE2AppProxyMac.SysEx</string>
        <key>ProviderDesignatedRequirement</key>
        <string>identifier &quot;com.example.apple-samplecode.QNE2AppProxyMac.SysEx&quot; and anchor apple generic and certificate leaf[subject.CN] = &quot;Apple Development: Quinn Quinn (7XFU7D52S4)&quot; and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */</string>
        <key>OnDemandMatchAppEnabled</key>
        <true/>
    </dict>
    …
</dict>
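The step described in the answer above (dump the provider's DR with codesign, then place it in ProviderDesignatedRequirement), sketched as an added example that is not part of the original post or Apple's sample code. The codesign output is a constructed sample built from the DR shown in the snippet, the Executable path is a placeholder, and the function names and lint checks are hypothetical.

```python
import plistlib
import re

# Constructed sample of `codesign -d -r -` output; the DR is the one in the
# snippet above, and the Executable path is a placeholder.
SAMPLE_CODESIGN_OUTPUT = (
    "Executable=/PLACEHOLDER/path/to/provider\n"
    'designated => identifier "com.example.apple-samplecode.QNE2AppProxyMac.SysEx"'
    " and anchor apple generic and certificate leaf[subject.CN] = "
    '"Apple Development: Quinn Quinn (7XFU7D52S4)" and certificate '
    "1[field.1.2.840.113635.100.6.2.1] /* exists */\n"
)

def extract_dr(codesign_output):
    """Return the requirement text that follows 'designated => '."""
    m = re.search(r"^(?:# )?designated => (.+)$", codesign_output, re.MULTILINE)
    if m is None:
        raise ValueError("no designated requirement found")
    return m.group(1).strip()

def dr_identifier(dr):
    """Return the code identifier the requirement pins, or None."""
    m = re.match(r'identifier\s+"?([^"\s]+)"?', dr)
    return m.group(1) if m else None

def build_vpn_dict(bundle_id, dr):
    """Only the provider-related keys of the inner VPN dictionary."""
    return {"ProviderBundleIdentifier": bundle_id,
            "ProviderDesignatedRequirement": dr,
            "OnDemandMatchAppEnabled": True}

def lint_vpn_dict(vpn):
    """Hypothetical pre-deployment checks; returns a list of findings."""
    findings = []
    dr = vpn.get("ProviderDesignatedRequirement", "")
    if not dr or dr_identifier(dr) != vpn.get("ProviderBundleIdentifier"):
        findings.append("DR missing or pins a different identifier "
                        "than ProviderBundleIdentifier")
    if "AuthPassword" in vpn:
        findings.append("AuthPassword is readable in the profile")
    return findings

if __name__ == "__main__":
    dr = extract_dr(SAMPLE_CODESIGN_OUTPUT)
    vpn = build_vpn_dict("com.example.apple-samplecode.QNE2AppProxyMac.SysEx", dr)
    print(plistlib.dumps(vpn).decode())  # plistlib handles the XML escaping
    print(lint_vpn_dict(vpn))
```

Run against the inner VPN dictionary from the snippet above, the lint would report the AuthPassword key, since the profile carries that value in readable form.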

there are no sample mobile configs available for AppProxy Provider.

For iOS? Or macOS?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I am not sure if it is visible in comments to reply above. The target machine is macOS
