I performed the following process in User Enrollment, but it seems that the registration process cannot be performed because the profile format is incorrect or the parameters are invalid.
- General > Access your account with VPN and device management
- Redirect to authentication screen as MDM server is accessed
- Set credentials and redirect
session[:token] = "xxxxxxxxxx"
redirect_to "apple-remotemanagement-user-login://authentication-results?access-token=" + session[:token]
- Submit MDM profile
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EncryptedPayloadContent</key>
<data>......
</data>
<key>PayloadDescription</key>
<string>Test</string>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadIdentifier</key>
<string>localhost.mdm</string>
<key>PayloadOrganization</key>
<string>Test</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>16a91248-230c-423c-9dd9-a1480e911b9b</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
EncryptedPayloadContent
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>AssignedManagedAppleID</key>
<string>hogehoge@test.link</string>
<key>CheckInURL</key>
<string>https://test.link/api/ios/checkin</string>
<key>CheckOutWhenRemoved</key>
<true/>
<key>EnrollmentMode</key>
<string>BYOD</string>
<key>IdentityCertificateUUID</key>
<string>fc7532ea-7fd7-4942-80ba-9fafa0ac5f0a</string>
<key>PayloadDescription</key>
<string>Test</string>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadIdentifier</key>
<string>localhost.mdm</string>
<key>PayloadOrganization</key>
<string>Test</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>9eebe196-17d5-4613-953b-b60e7111282e</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ServerURL</key>
<string>https://test.link/api/ios/mdm</string>
<key>SignMessage</key>
<true/>
<key>Topic</key>
<string>com.apple.mgmt.External.16a8b279-c4a9-4a33-9f1e-e155ab8161fd</string>
<key>UseDevelopmentAPNS</key>
<false/>
</dict>
<dict>
<key>PayloadContent</key>
<dict>
<key>Challenge</key>
<string>dfbd7b151e5c1c03f8a59e775f393791ca618201</string>
<key>GetCACaps</key>
<array>
<string>POSTPKIOperation</string>
<string>Renewal</string>
<string>AES</string>
<string>SHA-256</string>
</array>
<key>Key Type</key>
<string>RSA</string>
<key>Key Usage</key>
<integer>5</integer>
<key>Keysize</key>
<integer>1024</integer>
<key>Name</key>
<string>CA</string>
<key>Subject</key>
<array>
<array>
<array>
<string>O</string>
<string>Test</string>
</array>
</array>
<array>
<array>
<string>CN</string>
<string>e1af8f64-be70-46d3-97b7-fb70e8e0f0f8</string>
</array>
</array>
</array>
<key>URL</key>
<string>https://test.link/api/scep</string>
</dict>
<key>PayloadDescription</key>
<string>Test</string>
<key>PayloadDisplayName</key>
<string>Test</string>
<key>PayloadIdentifier</key>
<string>localhost.encryption-cert-request</string>
<key>PayloadOrganization</key>
<string>Test</string>
<key>PayloadType</key>
<string>com.apple.security.scep</string>
<key>PayloadUUID</key>
<string>fc7532ea-7fd7-4942-80ba-9fafa0ac5f0a</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
</plist>
Maybe it could be done like this
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AssignedManagedAppleID</key>
<string>hoge@test-demo.link</string>
<key>CheckInURL</key>
<string>https://test-demo.link/api/ios/checkin</string>
<key>CheckOutWhenRemoved</key>
<true/>
<key>EnrollmentMode</key>
<string>BYOD</string>
<key>IdentityCertificateUUID</key>
<string>01efd239-4749-408d-9eed-1bcfa47e0652</string>
<key>PayloadDescription</key>
<string>Test</string>
<key>PayloadDisplayName</key>
<string>Test</string>
<key>PayloadIdentifier</key>
<string>localhost.mdm</string>
<key>PayloadOrganization</key>
<string>Test</string>
<key>PayloadType</key>
<string>com.apple.mdm</string>
<key>PayloadUUID</key>
<string>d3c23112-ad92-4115-8241-95a216b3b717</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>ServerURL</key>
<string>https://test-demo.link/api/ios/mdm</string>
<key>SignMessage</key>
<true/>
<key>Topic</key>
<string>com.apple.mgmt.External.16a8b279-c4a9-4a33-9f1e-e155ab8161fd</string>
<key>UseDevelopmentAPNS</key>
<false/>
</dict>
<dict>
<key>PayloadContent</key>
<dict>
<key>Challenge</key>
<string>1c19008e0eb20eacc96469d6b9969d0cd451d265</string>
<key>GetCACaps</key>
<array>
<string>POSTPKIOperation</string>
<string>Renewal</string>
<string>AES</string>
<string>SHA-256</string>
</array>
<key>Key Type</key>
<string>RSA</string>
<key>Key Usage</key>
<integer>5</integer>
<key>Keysize</key>
<integer>1024</integer>
<key>Name</key>
<string>CA</string>
<key>Subject</key>
<array>
<array>
<array>
<string>O</string>
<string>Test</string>
</array>
</array>
<array>
<array>
<string>CN</string>
<string>c08b5a65-3802-436e-b756-cb8ab5b47a49</string>
</array>
</array>
</array>
<key>URL</key>
<string>https://test-demo.link/api/scep</string>
</dict>
<key>PayloadDescription</key>
<string>Test</string>
<key>PayloadDisplayName</key>
<string>Test</string>
<key>PayloadIdentifier</key>
<string>localhost.encryption-cert-request</string>
<key>PayloadOrganization</key>
<string>Test</string>
<key>PayloadType</key>
<string>com.apple.security.scep</string>
<key>PayloadUUID</key>
<string>01efd239-4749-408d-9eed-1bcfa47e0652</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>Test</string>
<key>PayloadDisplayName</key>
<string>Test</string>
<key>PayloadIdentifier</key>
<string>localhost.mdm</string>
<key>PayloadOrganization</key>
<string>Test</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>316ad943-367e-49f5-8248-68630ff1e7c4</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
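An added example, not part of the original post and not Apple's tooling: a Python pre-flight check for a cleartext enrollment profile shaped like the second one above. It verifies that `IdentityCertificateUUID` resolves to a certificate payload in the same profile, that the MDM URLs use https, and that the SCEP key size meets an assumed 2048-bit floor. The names `lint_profile` and `sample_profile`, the example.com hosts and the UUIDs are constructed for illustration.

```python
import plistlib

MIN_RSA_BITS = 2048  # assumed policy floor for this example
CERT_TYPES = ("com.apple.security.scep", "com.apple.security.pkcs12")

def lint_profile(xml_bytes):
    """Return findings for a cleartext MDM enrollment profile (empty list = none)."""
    root = plistlib.loads(xml_bytes)
    if not isinstance(root, dict) or root.get("PayloadType") != "Configuration":
        return ["top level must be a dict with PayloadType Configuration"]
    payloads = root.get("PayloadContent")
    if not isinstance(payloads, list):
        return ["no cleartext PayloadContent array to inspect"]
    findings = []
    by_uuid = {p.get("PayloadUUID"): p for p in payloads}
    for p in payloads:
        if p.get("PayloadType") == "com.apple.mdm":
            # The identity reference must resolve to a certificate payload.
            ref = by_uuid.get(p.get("IdentityCertificateUUID"), {})
            if ref.get("PayloadType") not in CERT_TYPES:
                findings.append("IdentityCertificateUUID does not match a certificate payload")
            for key in ("ServerURL", "CheckInURL"):  # only keys that are present
                if key in p and not str(p[key]).startswith("https://"):
                    findings.append(f"{key} is not https")
        elif p.get("PayloadType") == "com.apple.security.scep":
            bits = p.get("PayloadContent", {}).get("Keysize", 0)
            if bits < MIN_RSA_BITS:
                findings.append(f"SCEP Keysize {bits} is below {MIN_RSA_BITS}")
    return findings

def sample_profile(identity_ref, keysize):
    """Constructed sample shaped like the profile above; every value is made up."""
    scep = {"PayloadType": "com.apple.security.scep", "PayloadVersion": 1,
            "PayloadUUID": "00000000-0000-4000-8000-000000000002",
            "PayloadContent": {"URL": "https://mdm.example.com/scep",
                               "Key Type": "RSA", "Keysize": keysize}}
    mdm = {"PayloadType": "com.apple.mdm", "PayloadVersion": 1,
           "PayloadUUID": "00000000-0000-4000-8000-000000000003",
           "IdentityCertificateUUID": identity_ref,
           "ServerURL": "https://mdm.example.com/mdm",
           "CheckInURL": "https://mdm.example.com/checkin"}
    root = {"PayloadType": "Configuration", "PayloadVersion": 1,
            "PayloadUUID": "00000000-0000-4000-8000-000000000001",
            "PayloadContent": [mdm, scep]}
    return plistlib.dumps(root)

if __name__ == "__main__":
    print(lint_profile(sample_profile("00000000-0000-4000-8000-000000000002", 2048)))
    print(lint_profile(sample_profile("ffffffff-0000-4000-8000-000000000000", 1024)))
```

The check only reads payloads carried in a cleartext `PayloadContent` array; a profile that carries them in `EncryptedPayloadContent` has to be inspected before encryption.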