I have specified the Approved Kernel Extensions of os_x_configuration_profile as follows.
However, it could not be registered.
After registering the Approved Kernel Extensions on the screen, I can get setting information via API.
Is it impossible to register Approved Kernel Extensions via API?
curl -s -u 'username:password' -H 'accept: application/xml' -T configuration_profile.xml -X PUT https://example.domain/JSSResource/osxconfigurationprofiles/id/43
<?xml version="1.0" encoding="UTF-8"?> <os_x_configuration_profile> <general> <id>43</id> ... <payloads><?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1"><dict> ... <array><string>AAAAAAAAAA</string></array></dict></array> </dict></plist> </payloads> ... </os_x_configuration_profile>
This is a known issue that can be referenced by Product Issue number PI-005671. Please open a ticket with Jamf Support to get a case associated with this ticket and to learn more about possible workarounds.
The general idea behind the workaround is that the API PUT/POST must include the metadata that's auto generated by Jamf Pro. Therefore, you'll want to create a profile via the GUI, extract it via the API or downloading from the GUI and un-signing. This is the data that will need to be PUT/POSTed back to Jamf Pro for it to function without the decryption error.
Finally, when interacting with XML nested with XML, such as the config profile payload within the API request body, it's a good idea to encode the nested XML as described in this article.