Help

Need Configuration profile or script to allow pop-ups for a couple web sites in Safari

Go to solution
DMH2000
Contributor

Posted on ‎09-14-2023 05:59 AM

I looked all over the internet, tried ChatGPT and can't find anything to allow a few websites to pop up windows.  This is affecting our Intune Integration when Safari opens and it goes to login.microsoftonline.com and device.microsoftonline.com. It take 2-3 times before we can successfully get through the enrollment.

Does anyone know how to do this, I don't want to allow all pop-ups as I think that is dangerous. Apple isn't making this easy.  

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
DMH2000
Contributor

‎09-14-2023 12:03 PM - edited ‎09-14-2023 12:12 PM

I'll answer my own question here. There is an old script out there that uses a python command that doesn't work anymore. It needed to be changed to a simple scutil command line to find the logged on user.

#!/bin/sh

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo $loggedInUser
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("device.login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values
("myworkday.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db

 

 

View solution in original post

9 REPLIES 9

Go to solution
sdagley
Esteemed Contributor II

Posted on ‎09-14-2023 07:00 AM

@DMH2000 Unfortunately as you've discovered Apple provides very few configuration options for Safari. If you want to pre-configure web browser settings to provide a better experience for your users you should consider standardizing on a different browser such as Mozilla Firefox, Google Chrome, or Microsoft Edge which all offer significantly more options that can be managed.

0 Kudos

Go to solution
DMH2000
Contributor

Posted on ‎09-14-2023 07:10 AM

Thanks @sdagley but Intune integrations needs Safari as other browsers fail right away. I figured it had to do with Apple's lack of options.

The reason yiou need Safari is from another thread: Users must have Safari set as the default browser because jamfAAD calls MSAL (https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview) to do the auth. And then MSAL calls Safari via the ASWebAuth framework (https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) and that is using Safari.

0 Kudos

Go to solution
DMH2000
Contributor

‎09-14-2023 12:03 PM - edited ‎09-14-2023 12:12 PM

I'll answer my own question here. There is an old script out there that uses a python command that doesn't work anymore. It needed to be changed to a simple scutil command line to find the logged on user.

#!/bin/sh

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo $loggedInUser
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("device.login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values
("myworkday.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db

 

 

Go to solution
sdagley
Esteemed Contributor II
In response to DMH2000

Posted on ‎09-14-2023 12:45 PM

@DMH2000 Good find. Now to see how long before Apple breaks/fixes the ability to do that. :-(

Go to solution
jharm
New Contributor
In response to DMH2000

Posted on ‎09-14-2023 01:18 PM

Im getting a authorization denied message when trying to run the script, testing line by line the name is being gotten correctly, but sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("temple.edu","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db is not working. This is on a freshly cleared m1 mini on Sonoma but I ran it manually on my 27ich pro on Ventura and had same error.

0 Kudos

Go to solution
DMH2000
Contributor
In response to jharm

Posted on ‎09-14-2023 01:24 PM

@jharm I ran it manually as a script such as 'sudo sh safari.sh'.  Maybe try that

Go to solution
DMH2000
Contributor
In response to jharm

Posted on ‎10-03-2023 09:14 AM

Yeah I get that and also PerSitePreferences.db not exists.  I think I'l give up now.

0 Kudos

Go to solution
DMH2000
Contributor

‎09-14-2023 12:08 PM - edited ‎09-14-2023 12:37 PM

2023-09-14_15-34-38.png

 I removed the Workday.com item... but you can see the script populated the Pop-Up Windows items.

0 Kudos

Go to solution
jefff
Contributor II

‎02-09-2024 02:02 PM - edited ‎02-09-2024 02:06 PM

I just used this solution today, @DMH2000. Happy to see it still works!

We had a request to do the same thing with Firefox and Chrome for an internal site. Chrome seems to require Chrome Cloud configuration, but it looks like Firefox can be configured the same way with a "defaults write" command. My teammate who does most of our scripting is stoked to expand this into an extensible script with parameters.

0 Kudos