Account driven UserEnrollment - Device info request body parsing issue

We are trying out Account Driven User Enrollment feature. Device is expected to send the device info(plist) (snippet below) during User enrolment in new flow as part of profile download request. Device is sending with HTTP request content type as "application/x-www-form-urlencoded", because of this HTTP request content type, we are not able to read the body as stream of bytes and parse the xml. In comparison to usual device enrolment workflow device info gets posted with the http request content-type  as "application/pkcs7-signature" which has been working fine without any issues.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>LANGUAGE</key>
  <string>en-US</string>
  <key>PRODUCT</key>
  <string>iPhone10,2</string>
  <key>VERSION</key>
  <string>19A222</string>
</dict>
</plist>

Can you please confirm if this is an issue from Apple side? Any suggestions around this?

Up vote post of BlueTeam Down vote post of BlueTeam
740 views
Posted by
BlueTeam
Reply
Add a Comment

Replies

I also encountered the same issue. It seems to be fixed on iOS 17 beta. (I don't have iOS 16 device, so I cant check it :)

Some application framework raises an error on receiving pkcs7 body with application/x-www-form-urlencoded header, and we would have to handle it by monkey-patching the web framework. For example Ruby on Rails raises error and we can avoid it by monkey-patching Rack with middleware like this

class FixContentTypeMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    if env['REQUEST_PATH'] == '/mdm-byod/enroll'
      # iOS 15 is buggy. It sends Content-Type: application/x-www-form-urlencoded
      # and Rack raises errors Invalid query parameters: invalid %-encoding.
      if env['CONTENT_TYPE'] == 'application/x-www-form-urlencoded'
        # just avoid it by rewriting Content-Type
        env['CONTENT_TYPE'] = 'application/pkcs7-signature'
      end
    end
    @app.call(env)
  end
end
Posted by
YusukeIwaki
Up vote reply of YusukeIwaki Down vote reply of YusukeIwaki
Add a Comment