Skip to main content
Question

Run a script on jamf pro server

  • July 23, 2024
  • 5 replies
  • 45 views
BCPeteo
Forum|alt.badge.img+11

Is there any way to get JAMF to run a script locally on a JAMF pro server?

 

I am trying to find a good solution to create a bearer token to pass to a script as I do not want to pass API user name/ password or base64, or encrypted credentials to a script  that gets a bearer token as these all will eventually be viewable on the users machine. If there was a way for a script to be run locally on the Jamf server to create the bearer token that then could be passed to a policy at least it would be more secure as we have control over the JAMF server. Any solutions out there? 

    5 replies

    jamf-42
    Forum|alt.badge.img+17
    • jamf-42
    • Esteemed Contributor
    • July 23, 2024

    unless Im reading the documentation wrong (very possible) you don't want to run API calls from the end point (people do, not sure they should) as how would you rate limit this? 

    Maybe something like Postman would help? 

     

     

    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • July 23, 2024

    I think we need to step back and talk about what problem you are trying to solve, then discuss possible solutions.

     

    Is what you are asking possible? Yes, you need to stand up a separate webserver and have the scripting run as a scheduled task. Ideally this should be done on a totally separate server/VM rather than the same server that Jamf is hosted on. However, keep in mind you are literally writing an appliance/application and there are likely tools that already do what you are wanting.

    BCPeteo
    Forum|alt.badge.img+11
    • BCPeteo
    • Author
    • Contributor
    • July 23, 2024

    unless Im reading the documentation wrong (very possible) you don't want to run API calls from the end point (people do, not sure they should) as how would you rate limit this? 

    Maybe something like Postman would help? 

     

     


    Yes. the API script would be run once daily per a computer check-in to get info from a LDAP field which would store that info in a plist on the the users system

    jamf-42
    Forum|alt.badge.img+17
    • jamf-42
    • Esteemed Contributor
    • July 23, 2024

    Yes. the API script would be run once daily per a computer check-in to get info from a LDAP field which would store that info in a plist on the the users system


    maybe webhooks would work? https://developer.jamf.com/developer-guide/docs/webhooks

    BCPeteo
    Forum|alt.badge.img+11
    • BCPeteo
    • Author
    • Contributor
    • July 23, 2024

    maybe webhooks would work? https://developer.jamf.com/developer-guide/docs/webhooks


    Thanks, this is really interesting. But it seems you need a separate webserver setup and does not seem like it would work as you would need the bearer token created before an event happened, not after.

    This tool looks real nice though:

    https://marketplace.jamf.com/details/jawa

    Probably will look into other solutions to run an API script to do everything on a secure server. Bummer Jamf does not offer a way to generate an API bearer token on the fly to pass to a policy script

    Terms & ConditionsCookie settingsAccessibility statement