Jamf Nation Community

Sorry for bringing this thread back to life. Did you ever get an answer on the URLs/ports required for JSS to integrate with GSX?

Just following up, we recently posed the question to our JAMF Buddy:

Good morning Don, I heard back from our security team regarding the questions that you had about GSX. This is what I got back: The JSS uses the standard SOAP API for interacting with the Apple GSX service. The specific URI, including protocol and port, is specified in the JSS web application Settings Global Management GSX Connection. Selecting a different Region from the drop-down list will automatically populate the URI with the appropriate value. By default, these connections should use secure HTTP (HTTPS) on the standard port (443). Specific details on the GSX API can be found by navigating to the specified URI, such as the following for the Americas: https://gsxws2.apple.com/gsx-ws/services/am/asp The WSDL for the GSX API is available through the following URI: https://gsxws2.apple.com/gsx-ws/services/am/asp?wsdl The JSS passes the following information to the GSX API during a GSX lookup in inventory: - username of the GSX account - GSX account number - device serial number The GSX API returns a session token and any available warranty information associated with the specified device serial number, which may include warranty status, start/end dates, product description, and AppleCare ID, if available. Additional information on integrating with GSX, including a brief summary of available information, configuration, testing, and use, can be found on pages 54 and 55 of the Casper Suite Administrator’s Guide 9.2. Hopefully this answers things for you, but please let me know if this does not help or if there are any additional questions. Kindest Regards, Tim Hartzel JAMF Support

Just to cover all bases, here is Apple's response:

Hello Don, Thank you for your question. JAMF Casper is likely using HTTPS and 443 - through a web-based interface to the site that you would normally use to connect to the system (https://gsx.apple.com). Any information entered in the query is securely sent, though I think that you mean automatically, which is something they'd have to answer. Kind regards

Has anyone configured JSS to connect to GSX when the JSS sits behind a proxy server? If so how?

In most enterprise environments we provide the port (HTTPS) and protocol (SSL) info to the firewall group, they put it through the usual Change Control process, then GSX in JSS works, then they set up the firewall/proxy to allow traffic. If you have dev/test/prod environments, you'll want to do the same for those boxes (along with SMTP and APNS <g>).

I'm getting this error when testing the connection to GSX.

"AUTH.UPL.003: Invalid URL for this SoldTo."

Where can I find the right URI for my soldto?

Just thought I'd post this to help others out...

The URI that I am successfully using with the "GSX New Generation WSDL" (Certificate Based) is:

https://gsxapi.apple.com/gsx-ws/services/am/asp

Horrible documentation. Took me forever to find, so I hope it helps someone else avoid that hunt!

Posted: 1/26/16 at 2:23 PM by bkerns Just thought I'd post this to help others out... The URI that I am successfully using with the "GSX New Generation WSDL" (Certificate Based) is: https://gsxapi.apple.com/gsx-ws/services/am/asp Horrible documentation. Took me forever to find, so I hope it helps someone else avoid that hunt!

Thanks! This is exactly what I needed. I was getting that darn "AUTH.UPL.003: Invalid URL for this SoldTo." error too.

@howie_isaacks Thanks! Worked a charm.