Jamf Connect 2.4.5 broke Local Password prompt

fimi
New Contributor III

Hey Everyone,

Not sure what version this happened on, but we thought to do a test on new enrollments, and since 2.4.5, on the part where a user logs into Azure and is then asked to enter their network password, we get an "Invalid Request". We were on 2.2.2 before this.

 

Some have suggested to change this to true.

"Create a Separate Local Password

If set to true, this key prompts users to create a new password for their new local account. If set to false, this key prompts users to re-enter their network password, which also becomes the local account password. This ensures a user's network and local password are synced during user creation."

 

We don't want to do this as it creates confusion when it's time to reset the password back to Azure. Unless something changed, Jamf Connect cannot write back directly to Azure. We've been needing to go through the SPR.

1 ACCEPTED SOLUTION

fimi
New Contributor III

Update: Solution was just to recreate a new configuration profile and remove as many keys as possible that aren't in use.


mikevandelinder
Contributor

@fimi would you mind sharing a redacted copy of your configuration profiles? I’d be looking for extraneous settings that could cause an endpoint conflict during authentication. 

fimi
New Contributor III

@mikevandelinder Here's what we've been using and it's been fine until the update. 

 

 

    <key>OIDCDefaultLocal</key>
    <false/>
    <key>OIDCNewPassword</key>
    <false/>
    <key>OIDCProvider</key>
    <string>Azure</string>
    <key>OIDCClientID</key>
    <string>blahblah</string>
    <key>OIDCROPGID</key>
    <string>blahblah</string>
    <key>OIDCRedirectURI</key>
    <string>RedurectURI</string>
    <key>OIDCClientSecret</key>
    <string>blahblah</string>
    <key>OIDCIgnoreAdmin</key>
    <false/>
    <key>OIDCTenant</key>
    <string>blahblah</string>
    <key>OIDCIgnoreCookies</key>
    <false/>
    <key>CreateJamfConnectPassword</key>
    <true/>
    <key>LocalFallback</key>
    <false/>
    <key>LoginScreen</key>
    <false/>
    <key>CreateAdminUser</key>
    <false/>
    <key>DemobilizeUsers</key>
    <false/>
    <key>DenyLocal</key>
    <false/>
    <key>LDAPOverSSL</key>
    <false/>
    <key>Migrate</key>
    <false/>
    <key>MigrateUsersHide</key>
    <array/>
    <key>RightsTmpCache</key>
    <false/>
    <key>AllowNetworkSelection</key>
    <false/>
    <key>EnableFDE</key>
    <false/>
    <key>EnableFDERecoveryKey</key>
    <false/>
    <key>ROPGProvider</key>
    <string>Azure_v2</string>
    <key>ROPGTenant</key>
    <string>blahblah</string>
    <key>ROPGRedirectURI</key>
    <string>RedirectURI</string>
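
One way to act on the accepted solution (rebuild the profile without unused keys) and on the request for a redacted copy, as an added example that is not from the thread or from Jamf. The sample payload, the `KEEP_EVEN_IF_FALSE` and `SAFE_TO_SHOW` sets, and the rule that an explicit false or empty value only marks a key for review are assumptions.

```python
import plistlib

# Constructed sample payload: key names are from the thread, values are placeholders.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>OIDCProvider</key><string>Azure</string>
  <key>OIDCClientID</key><string>placeholder-client-id</string>
  <key>OIDCClientSecret</key><string>placeholder-secret</string>
  <key>OIDCNewPassword</key><false/>
  <key>CreateJamfConnectPassword</key><true/>
  <key>DenyLocal</key><false/>
  <key>MigrateUsersHide</key><array/>
  <key>ROPGProvider</key><string>Azure_v2</string>
</dict></plist>"""

# Assumption: keys where an explicit false is a deliberate choice. The thread
# keeps OIDCNewPassword false so users re-enter their network password.
KEEP_EVEN_IF_FALSE = {"OIDCNewPassword"}
# Assumption: string values that identify no tenant or app, safe to share.
SAFE_TO_SHOW = {"OIDCProvider", "ROPGProvider"}

def is_inert(value):
    """True for false, empty string, empty array or empty dict."""
    return value is False or value == "" or value == [] or value == {}

def audit(payload):
    """Split a payload into settings to keep and key names to review for removal."""
    settings = plistlib.loads(payload)
    review = sorted(k for k, v in settings.items()
                    if is_inert(v) and k not in KEEP_EVEN_IF_FALSE)
    keep = {k: v for k, v in settings.items() if k not in review}
    return keep, review

def redact(settings):
    """Blank every string value except the allowlisted ones before sharing."""
    return {k: "REDACTED" if isinstance(v, str) and k not in SAFE_TO_SHOW else v
            for k, v in settings.items()}

if __name__ == "__main__":
    keep, review = audit(SAMPLE)
    print("Review before removing (check each key's default first):", review)
    print(plistlib.dumps(redact(keep)).decode())
```

Whether dropping a reviewed key changes behaviour depends on that key's default, so confirm it in the Jamf Connect documentation before removing it from the new profile.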

 

 
