Posted on 03-22-2012 02:44 PM
Our Casper server sits behind a nice Blue Coat proxy server which is keeping Casper from talking to Apple's GSX service to retrieve purchase and warranty info. Issue seems to be that our proxy requires authentication which I cannot do from within Casper. What I am trying to do is have the proxy admin list the URL's and ports as "no-auth" so they will pass through the proxy without needing any authentication. Has anyone successfully set something similar to this up? Care to share what the URLs and/or ports are that needed to allow through unchallenged? I've used a couple of http/proxy sniffers to see what URLs are being accessed or re-directed, but I must be missing something as Casper just sits at 0% when retrieving GSX info. Any help appreciated...
Posted on 03-23-2012 05:39 AM
Just a thought, but did you have Web Services enabled for your GSX account?
Posted on 01-31-2014 10:28 AM
Sorry for bringing this thread back to life. Did you ever get an answer on the URLs/ports required for JSS to integrate with GSX?
Posted on 03-07-2014 02:58 PM
Just following up, we recently posed the question to our JAMF Buddy:
Good morning Don, I heard back from our security team regarding the questions that you had about GSX. This is what I got back: The JSS uses the standard SOAP API for interacting with the Apple GSX service. The specific URI, including protocol and port, is specified in the JSS web application Settings Global Management GSX Connection. Selecting a different Region from the drop-down list will automatically populate the URI with the appropriate value. By default, these connections should use secure HTTP (HTTPS) on the standard port (443). Specific details on the GSX API can be found by navigating to the specified URI, such as the following for the Americas: https://gsxws2.apple.com/gsx-ws/services/am/asp The WSDL for the GSX API is available through the following URI: https://gsxws2.apple.com/gsx-ws/services/am/asp?wsdl The JSS passes the following information to the GSX API during a GSX lookup in inventory: - username of the GSX account - GSX account number - device serial number The GSX API returns a session token and any available warranty information associated with the specified device serial number, which may include warranty status, start/end dates, product description, and AppleCare ID, if available. Additional information on integrating with GSX, including a brief summary of available information, configuration, testing, and use, can be found on pages 54 and 55 of the Casper Suite Administrator’s Guide 9.2. Hopefully this answers things for you, but please let me know if this does not help or if there are any additional questions. Kindest Regards, Tim Hartzel JAMF Support
Posted on 03-11-2014 01:27 PM
Just to cover all bases, here is Apple's response:
Hello Don, Thank you for your question. JAMF Casper is likely using HTTPS and 443 - through a web-based interface to the site that you would normally use to connect to the system (https://gsx.apple.com). Any information entered in the query is securely sent, though I think that you mean automatically, which is something they'd have to answer. Kind regards
Posted on 03-27-2014 08:40 AM
Has anyone configured JSS to connect to GSX when the JSS sits behind a proxy server? If so how?
Posted on 03-27-2014 10:48 AM
Never got that working behind a Bluecoat proxy, even though I tried numerous workarounds.
Posted on 04-10-2014 01:50 PM
In most enterprise environments we provide the port (HTTPS) and protocol (SSL) info to the firewall group, they put it through the usual Change Control process, then GSX in JSS works, then they set up the firewall/proxy to allow traffic. If you have dev/test/prod environments, you'll want to do the same for those boxes (along with SMTP and APNS <g>).
Posted on 01-07-2016 04:16 PM
I'm getting this error when testing the connection to GSX.
"AUTH.UPL.003: Invalid URL for this SoldTo."
Where can I find the right URI for my soldto?
Posted on 01-26-2016 12:23 PM
Just thought I'd post this to help others out...
The URI that I am successfully using with the "GSX New Generation WSDL" (Certificate Based) is:
https://gsxapi.apple.com/gsx-ws/services/am/asp
Horrible documentation. Took me forever to find, so I hope it helps someone else avoid that hunt!
Posted on 03-04-2016 03:23 PM
Posted: 1/26/16 at 2:23 PM by bkerns Just thought I'd post this to help others out... The URI that I am successfully using with the "GSX New Generation WSDL" (Certificate Based) is: https://gsxapi.apple.com/gsx-ws/services/am/asp Horrible documentation. Took me forever to find, so I hope it helps someone else avoid that hunt!
Thanks! This is exactly what I needed. I was getting that darn "AUTH.UPL.003: Invalid URL for this SoldTo." error too.
Posted on 03-07-2017 08:23 AM
@howie_isaacks Thanks! Worked a charm.