Monday
Hey everyone,
I’ve set up Jamf Connect with Google IdP following the documentation and tested it; everything seems to run fine. However, I've run into issues during PreStage Enrollment deployment in Jamf Pro. I can’t seem to launch Jamf Connect properly for local account creation to show the Google login screen. Right after the Setup Assistant, it only shows a black login screen with empty fields for user and password. According to troubleshooting, it might be due to the permissions in the package, but since I’m using the official Jamf Connect 2.42.0 package and distributing it through Cloud Distribution Point (Jamf Cloud), I don’t think there should be an issue.
Has anyone had a similar experience and found a solution?
Here is my configuration excluding secrets:
<key>AllowNetworkSelection</key>
<true/>
<key>CreateJamfConnectPassword</key>
<true/>
<key>CreateNewUserHide</key>
<true/>
<key>DenyLocal</key>
<false/>
<key>EnableFDE</key>
<true/>
<key>EnableFDERecoveryKey</key>
<false/>
<key>Migrate</key>
<true/>
<key>OIDCIgnoreAdmin</key>
<false/>
<key>OIDCNewPassword</key>
<true/>
<key>OIDCProvider</key>
<string>GoogleID</string>
<key>OIDCRedirectURI</key>
<string>https://127.0.0.1/jamfconnect</string>
<key>OIDCUsePassthroughAuth</key>
<true/>
Monday
How are you installing the Jamf Connect package?
Are you installing it in your prestage so that it gets installed during setup?
Do you you have your Jamf Connect configuration profile scoped in your Prestage AND properly scoped so it doesn't get removed after install?
If you are doing all that, when did you upload your package to Jamf? Was it in the last month or so? There is a Product Issue with Jamf 11.11 & 11.11.1 where uploaded packages are not being checksummed correctly and will fail to install in a prestage. It is supposed to be fixed in 11.12, which hopefully will be released soon.
It you did just recently upload the package, contact Jamf support, I think they have a work around to correct the file upload so you can use it in your Prestage.
Monday
Thanks for you reply! Yes, I've included the package in the prestage, scoped in on the same computers as configuration profiles. But I've re-uploaded the package today and our instance is on 11.11.2... So perhaps that is the issue. I've contacted the support as well, so we will see.
Monday
If you are using jamfconnect 2.42, it fails to install on prestage. Use version 2.41
yesterday
Oh really? So both Jamf Pro and Jamf Connect latest versions are bugged? 😳
Monday
If you are deploying a branding package via prestage, it must be signed correctly.
Here is the relevant help files page - Packaging Jamf Connect Files and Images with Composer
and here is a link to Creating a Signing Certificate Using Jamf Pro's Built-in CA to Use for Signing Configuration Profile...
yesterday
I'm not.
Monday
@mickgrant jamf connect packages are already signed by Jamf and notarized by Apple
Monday
Jamf Connect packages are, but any logos or branding being deployed to be used by Jamf Connect must be signed. Which is why I posted the links to the documentation where it says as much
yesterday
It really looks like the package didn’t even install. Account creation was skipped and admin account was hidden from the user as configured in the prestage. I tried deploying connect version 2.41.0 with the same result.
yesterday
Check the management logs. Under history of management logs, you would see something like this if it is installed.
yesterday - last edited yesterday
cross check jamf connect configuration profile, make sure Idp is reachable on the network and url is mentioned correctly