I'm having a couple problems using Apple Configurator 2 profiles with my packet tunnel provider extension. These are specific to macOS; iOS works fine.
1. ProviderBundleIdentifier is a required property on macOS, however there doesn't appear to be any way to specify it in Apple Configurator 2. It seems I have to manually edit the exported .mobileconfig file and add the necessary XML. This gets even trickier with a signed profile; I have to save it from AC2, then edit the XML, then go back into AC2 to do the signing. Am I overlooking something, or should I file a radar?
2. Profiles with client certificate identities trigger a security prompt during login:
<VPN name> wants to sign using key "Configuration Profiles" in your keychain.
Do you want to allow access to this item?
[Always allow] [Deny] [Allow]
Is this expected behavior? Is there anything that can be done in AC2 to pre-populate the ACL for the private key to allow my VPN app/extension to access it silently? Or is there a special way I can access the identity from my VPN app/extension? I'm currently authenticating via URLSession/URLCredential before establishing the tunnel connection. Maybe that's not the expected approach?
Thanks
Mike