Please tell me two things about "Safari Password Autofill Domains" in my domain settings.
Incident
The behavior of the following items in the Domains setting differs between "no setting" and "edit and delete setting values".
Subject: Safari Password Autofill Domains
Steps to Reproduce(Delete the setting value)
enter any value in "Safari Password Autofill Domains" in the domain settings and save it.
Delete the value entered in step 1.
Distribute to the terminal.
Result
If no settings: A pop-up window will appear asking if the password is to be saved in all domains. The key "SafariPasswordAutoFillDomains" is not present in the configuration profile.
Edited to remove the value: The "Save Password AutoFillDomains" popup does not appear for all domains. The key "SafariPasswordAutoFillDomains" exists in the configuration profile and an empty array remains.
Question 1.
Is it expected that the behavior is different when "Safari Password Autofill Domains" is not configured and when the configuration value is edited and removed?
Question 2
Is it expected that "" remains in the configuration profile when the setting value is edited and deleted?
Explore the intersection of business and app development. Discuss topics like device management, education, and resources for aspiring app developers.
Post
Replies
Boosts
Views
Activity
Please Apple...
its almost a month now, and I (we) haven't heard back from you. since we have been sending mails.. Consigning our Upgrade to an Organization.
I (we) provided all the necessary, Information needed to update our individual apple Developer account to an Organization developer account . and I (we) haven't heard back from you.
the error we are getting on our account
We’re processing your membership migration from an individual to an organization.
Please note that your membership benefits are temporarily disabled during this time.
Also... With this delay from getting response from you, we hope our expires for the apple Developer payment would be shifted , as we haven't been able to access our account for almost a month ?
Below are the case numbers, generated by apple hopefully fall are correct
{ 102228853402 }
{ 102243840694 }
{ 102245033626 }
{ 102241341764 }
{ 102236317557 }
{ 102229955599 }
In the Apple Business Connect - When adding Attributes to the Place Card>Save>Address is wiped
This continuously happens when it clears data fields that were previously saved.
https://www.awesomescreenshot.com/video/25583267?key=adc1e136af1ba0b7cfa453dcd613f4b4
We have a few development servers that implement MDM and I am trying to incorporate WatchOS Enrollment. I am having trouble connecting to our enrollment URL that is defined in the watch enrollment payload. The error I get indicates that the server certificate is invalid. I can see this error if I attempt to pair to an iPhone that has the WatchOS enrollment declaration on it and I also see if I send an iMessage with our server url and attempt to open the url using the messages app on the watch itself.
The certificate is valid, but the SAN does not define my particular domain but rather it uses a wildcard (i.e. DNS Name: *.domain.com and DNS name: domain.com).
The url opens fine on any other Apple device (iPhone, iPad, Mac, etc) as well as windows.
My question is, is there some problem with using an SSL server certificate that has a wildcard in place of a specific domain when attempting to connect using WatchOS?
I would like to know how secure the communication between the reseller and organisation. Because we are providing organisation id and getting the reseller id information. Post providing organisation id, did reseller able to see any information about the organisation or not? If reseller able to see the information then need to know what are all the information they able to see it. Thanks.
Hello,
I could not find information in the doc (which is still beta, I understand) : how are app upgrade handled by DDM AppManaged ?
With MDM, sending InstalledApplication command will upgrade the app to the most suitable recent version ; HasUpdateAvailable flag tells MDM server (more or less accurately) if there is an update and then Organizations can keep apps up to date as quickly as possible if needed.
But with DDM, we just have a declaration where we tell the device to install a given app, and that's it. Is there any detail about how the device upgrades apps, and how frequently ?
Thanks.
Hi,
I am trying to delete a VPP application from our MDM solution, but it is failing with the error: The app failed to delete. Enure that the app is not associated with any VPP license in Apple Business Manager and try again.
I have revoked ALL the app licenses from our MDM and it shows License not found, when checking. However in ABM it still shows a small number 'in use'. Is there a easy\clever way I can delete the 'in use' licenses from ABM or somehow send a revoke command via API to revoke those licenses in ABM?
Thanks for looking
After I submitted our app, it was rejected with reasons:
`"Regarding 5.1.1, the following fields or actions are required for registration but do not appear to be directly relevant to your app’s core functionality:
Thai National ID
Phone number.
To resolve this issue, it would be appropriate to either remove all required fields that are not relevant to the app or make those fields optional."`
I need the two fields above. How can I resolve it? I asked reviewer but they said they cannot help detail feature for us.
About phone numbers, our system wants to send SMS to them, change passwords, and send notification. Step: (edit profile -> edit phone number -> verify OTP) to change password you can check it.
About Thai National ID, do you think it can be suitable when we use it for KYC, and verify customers? Actually, when the user registers a new account, if we do not approve the account, means KYC is unsuccess, the user will not use any main features (Saving and interest pay invoice). We are using Thai national ID and password to login.
I have found that Declarative management, although intriguing and could be useful in the future, is quite lacking. At this point in development, I don't see an advantage over using MDM commands.
In order for a device to apply policies, the device must first post to a server to receive the manifest set, then for each item in the set, the device must post to the server to get the policy. How is that better than posting via MDM to obtain a policy (configuration profile, app, etc.)? It seems there is no benefit in terms of time complexity. In both scenarios the device would need to make O(n) posts. This doesn't solve the scalability issue with regards to the MDM channel.
The limitation with regards to available native declarations vs configuration profiles means declarative management is not yet ready for prime time. Although the first attempt at solving this through LegacyProfiles allows for installing ConfigurationProfiles, this method adds another POST, so at this point it's 1 post to get the manifest, then 2 mores posts to get the policy, which is even worse that MDM.
Regarding the status channel, the status report is missing quite a bit of device information. Currently, in order to obtain a more complete view of device state using MDM, the MDM server must send a set of commands to get information, installed profiles, apps, certificate, etc. The Status channel includes some of this stuff, but not all of it, which means a device must augment the status channel with some (or all) of these commands.
I am a beta tester on behalf of the College Board for the Bluebook app, which administers the digital SAT. For the first admissions year when most universities are no longer going test-optional, more university-bound sixth-form pupils sit the digital SAT. Some students who are sitting on the SAT could receive an unfair advantage due to them reverse-engineering the app using Ghidra and using that to make a duplicate version of the app which will show correct answers and/or disable Assessment mode to cheat on the exam. I need to know if it is possible, if the student has prior Computer science knowledge, and what is the procedure for doing the following:
Disabling assessment mode through terminal function or another internal coding source
Reverse engineering the Bluebook app, and recreating it through Xcode and editing the code to automatically fill out the correct answer
Reverse engineering the Bluebook app, and recreating it through Xcode and editing the code to disable assessment mode as a whole
Please tell me as this will give those who cheat a severely unfair advantage over those who studied hard for it
The profiles command shows them, but the Store file/directory is blocked off from access (which, I suppose, kinda makes sense).
(We are in the process of getting customers to upgrade the profile, and if I can see whether our profile has an entry, then I can behave differently.)
Hi, I'm looking into ACME Managed Deice Attestation and was wondering about one of the values in the payload - AllowAllAppsAccess.
From the documentation: "If true, all apps have access to the private key" but what is the case that you would have this set to true? seems like it opens up the device to potentially malicious software.
Also, if this were set to true, how would an app access this private key when it is stored in the Secure Enclave? is there a specific tag that it is stored with?
Is there a way to check if DDM(Declarative Device Management) is enabled on a device?
I'm trying to implement ACME managed device attestation, I have ACME server code written in C# and I've been able to get all of the steps working except for the very last one - issuing the certificate.
I so far have not been able to get the device to accept the certificate, the device logs show:
Got certificate {length = ......}
ACME request flow failed at step 9: Error Domain=NSOSStatusErrorDomain Code=-67673 "failed to obtain certificate" UserInfo={NSLocalizedDescription=failed to obtain certificate}
The certificate is issued by an internal CA and the correct root certificate is in the device's trusted certs.
I have tried returning the certificate chain as a file response or content response to the device as a "application/pem-certificate-chain" mime type (as outlined as the default in the ACME RFC), returning just the leaf certificate as PEM, returning the leaf certificate as DER with mime type "application/pkix-cert", "application/pkcs7-mime", "application/x-pkcs12" or "application/x-x509-ca-cert", but none of this has worked.
Can anyone point me in the right direction to figure out what the issue is?
Hi all.
I'm trying to implement a Platform SSO extension for macOS and I'm freaking out. It's so complicated and with almost zero guidance documentation.
I established a starting point in my SSO extension and I get the registration request to my beginDeviceRegistrationUsingLoginManager (I managed all the AASA file, MDM stuff).
In this method I'm creating a ASAuthorizationProviderExtensionLoginConfiguration and I try to save it into the loginManager (ASAuthorizationProviderExtensionLoginManager which I get from the method) using saveLoginConfiguration.
It worked fine, and without changing anything I started getting the next error:
failed to save loginConfiguration: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1000 "(null)" UserInfo={NSUnderlyingError=0x7ff77ff63b30 {Error Domain=com.apple.PlatformSSO Code=-1008 "Token endpoint URL is not approved profile URL." UserInfo={NSLocalizedDescription=Token endpoint URL is not approved profile URL.}}}
This is my configuration:
ASAuthorizationProviderExtensionLoginConfiguration *loginConfiguration = [[ASAuthorizationProviderExtensionLoginConfiguration alloc] initWithClientID:@"***" issuer:@"https://auth.platformsso.ping-eng.com/as" tokenEndpointURL:[NSURL URLWithString:@"https://auth.platformsso.ping-eng.com/as/token"] jwksEndpointURL:[NSURL URLWithString:@"https://auth.platformsso.ping-eng.com/as/jwks"] audience:@"***"];
And this is where it breaks:
BOOL saveConf = [self.loginManager saveLoginConfiguration:loginConfiguration error:&confError];
Can someone help me with this error please?
Hello Apple Community,
Issue encountered during the installation of an app via DDM (Declarative Device Management) on iOS 17.3 devices.
When applying an app configuration and managed app list status event through declarative management, the configuration is successfully applied, but the configured app is not being installed on the device. Upon closer inspection, we have identified that the error "ManagedAppDistribution.ManagedAppDistributionError" is being logged during this process.
My Configuration:
{
"Type": "com.apple.configuration.app.managed",
"Identifier": "com.mdm.1740e623-4361-498d-af02-b433500d58bd.ManagedAppDDM",
"ServerToken": "1706282674113",
"Payload": {
"AppStoreID": "361309726",
"InstallBehavior": {
"License": {
"VPPType": "Device"
},
"Install": "Required"
}
}
}
{
"Type": "com.apple.configuration.management.status-subscriptions",
"Identifier": "com.mdm.9c70c80f-406a-425a-8829-1025652f05c6.ManagedAppListStatus",
"ServerToken": "1706282673976",
"Payload": {
"StatusItems": [
{
"Name": "app.managed.list"
},
{
"Name": "mdm.app"
},
{
...
}
]
}
}
DDM Response:
{
"StatusItems": {
"management": {
"declarations": {
"activations": [
{
"active": true,
"identifier": "DEFAULT_ACT_0",
"valid": "valid",
"server-token": "1706282674113"
}
],
"configurations": [
{
"active": true,
"identifier": "DEFAULT_STATUS_CONFIG_0",
"valid": "valid",
"server-token": "3"
},
{
"active": true,
"identifier": "com.mdm.1740e623-4361-498d-af02-b433500d58bd.ManagedAppDDM",
"valid": "valid",
"server-token": "1706282674113"
},
{
"active": true,
"identifier": "com.mdm.9c70c80f-406a-425a-8829-1025652f05c6.ManagedAppListStatus",
"valid": "valid",
"server-token": "1706282673976"
}
],
"assets": [],
"management": []
}
}
},
"Errors": [
{
"Reasons": [
{
"Code": "ManagedAppDistribution.ManagedAppDistributionError.0",
"Description": "The operation couldn’t be completed. (ManagedAppDistribution.ManagedAppDistributionError error 0.)"
}
],
"StatusItem": "app.managed.list"
}
]
}
Note : The ManagedAppDistribution framework extension appears to not be implemented in this context.
Kindly help us with this issue. Thanks in advance.
Please tell me about the NotNow status returned by the MDM command for Apple devices.
◾️I would like to check
I am aware that there are some MDM commands that return a status NotNow when the device is locked and the command cannot be executed.
I am aware of InstallProfileCommand and SecurityInfoCommand.
https://developer.apple.com/documentation/devicemanagement/installprofilecommand
https://developer.apple.com/documentation/devicemanagement/securityinfocommand
Please answer the following two questions.
◾️Question
I would appreciate an answer with the official name of the command and the URL of the command's reference, if possible.
Question 1
Please tell us if there are commands other than InstallProfileCommand and SecurityInfoCommand that return status NotNow because the command cannot be executed if the terminal is locked.
Question 2
Please tell us if any of the following commands return the status NotNow because the command cannot be executed if the terminal is locked.
DeviceConfiguredCommand
AvailableOSUpdatesCommand
ScheduleOSUpdateCommand
OSUpdateStatusCommand
Is it legal to use Apple's official technical documentation for training GPTs, and if so, where can I download the PDF version of the official documents?
Hello, Dear Engineers
I have distributed a management profile from Aplle Configurator to my terminal with reference to the following document
https://developer.apple.com/documentation/devicemanagement/cellularprivatenetwork
Situation:
We tested the device in an environment where both Wi-Fi and cellular connections were available,
Wi-Fi seemed to have priority in the operation.
This is because CellularDataPreferred, which is set in the distributed management profile, is enabled,
I would like cellular to be given priority.
I am using iPhone 15 (iOS 17.1.2).
Question:
・Is there anything else missing besides the Profile Example to make CellularPrivateNetwork's Device Management Profile work properly?
・Has anyone confirmed that CellularPrivateNetwork's Device Management Profile works correctly?
BestRegards
hi!
https://developer.apple.com/documentation/devicemanagement/applayervpn
I have a question about AssociatedDomains in the AppLayerVPN reference above.
From the description, I believe that this property triggers the VPN when the app is launched with a universal link and connects to the domain specified in AssociatedDomains.
Is that correct in your understanding?
I specified "twitter.com" as a test, and the VPN was not triggered when the universal link was executed from safari, etc.
How can I make a VPN connection with the domain connection specified in the AssociatedDomains property?
If you could please let us know with some real life examples.
I will pass on your thanks in advance.
Thanks.