Posted on 07-09-2020 09:08 AM
Hi Guys!
I've been reading material, and watching the "Don't Forget Your Badge! | JNUC 2018" video, and I see the speaker did Attribute Mapping with this file: /etc/SmartcardLogin.plist
Basically I'm trying to figure out how to get this information below into Jamf to deploy to systems...
# Hash of the PIV identity, lower-cased and split into 8-character groups
hash="$(/usr/sbin/sc_auth identities | awk '/PIV/ {print $1}' \
  | tr '[:upper:]' '[:lower:]' | sed 's/.\{8\}/& /g' | sed 's/.$//g')"
# Write the certificate block that follows the hash to a temporary PEM file
/usr/sbin/system_profiler SPSmartCardsDataType | grep -A5 "$hash" \
  | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ {print; count++; if (count==3) exit}' \
  | fold -w67 > /tmp/temp.pem
# Read the UPN (UTF8STRING) out of the certificate's Subject Alternative Name
UPN="$(/usr/bin/openssl asn1parse -i -dump -in /tmp/temp.pem -strparse \
  $(/usr/bin/openssl asn1parse -i -dump -in /tmp/temp.pem \
    | awk -F ':' '/X509v3 Subject Alternative Name/ {getline; print $1}') \
  | awk -F ':' '/UTF8STRING/{print $4}')"
/bin/cat > "/etc/SmartcardLogin.plist" << 'Attr_Mapping'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>TrustedAuthorities</key>
<array>
<string>SHA-256_HASH_GOES_HERE</string>
</array>
<key>AttributeMapping</key>
<dict>
<key>fields</key>
<array>
<string>NT Principal Name</string>
</array>
<key>formatString</key>
<string>Kerberos:$1</string>
<key>dsAttributeString</key>
<string>dsAttrTypeStandard:AltSecurityIdentities</string>
</dict>
</dict>
</plist>
Attr_Mapping
From the looks of it I create 2 script files, and deploy this via policy. 1 as self service, and the other with the SHA256 key as a script that just deploys during every check in. Just need some clarification or for someone to tell me this is totally wrong, and it should be done another way :).
We already got the Catalina Kerberos SSO extension working.
Posted on 07-11-2020 10:42 AM
You can deploy a plist file as a custom payload in Jamf Pro and it will appear in the /Library/Managed Preferences folder. If you can just payload it and configure it that way, then done. If not, you can still read that file in code.
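A pre-deployment check for the plist discussed in this thread, added here as an example and not code from either poster, Jamf or Apple: it reads a SmartcardLogin.plist body and reports a leftover placeholder hash, missing AttributeMapping keys, or a formatString that points at a field that is not listed. The function name `check_smartcard_plist` is hypothetical, and the rule that every TrustedAuthorities entry must be a 64-digit hex SHA-256 value is an assumption taken from the placeholder in the post.

```python
import plistlib
import re

SHA256_HEX = re.compile(r"[0-9A-Fa-f]{64}")
MAPPING_KEYS = ("fields", "formatString", "dsAttributeString")

def check_smartcard_plist(data: bytes) -> list:
    """Return the problems found in a SmartcardLogin.plist body (empty list = OK)."""
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # malformed XML or not a plist at all
        return [f"not a valid plist: {exc}"]
    if not isinstance(plist, dict):
        return ["top-level object is not a dict"]
    problems = []
    # Assumption: pinning is wanted, so at least one real SHA-256 digest must be present.
    authorities = plist.get("TrustedAuthorities")
    if not isinstance(authorities, list) or not authorities:
        problems.append("TrustedAuthorities missing or empty")
    else:
        for value in authorities:
            if not (isinstance(value, str) and SHA256_HEX.fullmatch(value)):
                problems.append(f"TrustedAuthorities entry is not a SHA-256 hex digest: {value!r}")
    mapping = plist.get("AttributeMapping")
    if not isinstance(mapping, dict):
        return problems + ["AttributeMapping missing"]
    problems += [f"AttributeMapping.{k} missing" for k in MAPPING_KEYS if k not in mapping]
    # Every $N in formatString must point at an existing entry of fields (1-based).
    fields = mapping.get("fields") or []
    for ref in re.findall(r"\$(\d+)", str(mapping.get("formatString", ""))):
        if not 1 <= int(ref) <= len(fields):
            problems.append(f"formatString references ${ref} but fields has {len(fields)} entries")
    return problems

# The plist from the post above, still carrying its placeholder hash.
PAGE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>TrustedAuthorities</key><array><string>SHA-256_HASH_GOES_HERE</string></array>
<key>AttributeMapping</key><dict>
<key>fields</key><array><string>NT Principal Name</string></array>
<key>formatString</key><string>Kerberos:$1</string>
<key>dsAttributeString</key><string>dsAttrTypeStandard:AltSecurityIdentities</string>
</dict></dict></plist>"""
CONSTRUCTED_HASH = b"AB" * 32  # constructed sample value, not a real certificate hash

if __name__ == "__main__":
    print(check_smartcard_plist(PAGE_PLIST))
    print(check_smartcard_plist(PAGE_PLIST.replace(b"SHA-256_HASH_GOES_HERE", CONSTRUCTED_HASH)))
```

Running the check in the policy script before the file is written keeps a template with the placeholder still in it from reaching /etc/SmartcardLogin.plist.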