Skip to main content
Solved

Need Configuration profile or script to allow pop-ups for a couple web sites in Safari


DMH2000
Forum|alt.badge.img+7

I looked all over the internet, tried ChatGPT and can't find anything to allow a few websites to pop up windows.  This is affecting our Intune Integration when Safari opens and it goes to login.microsoftonline.com and device.microsoftonline.com. It take 2-3 times before we can successfully get through the enrollment.

Does anyone know how to do this, I don't want to allow all pop-ups as I think that is dangerous. Apple isn't making this easy.  

Best answer by DMH2000

I'll answer my own question here. There is an old script out there that uses a python command that doesn't work anymore. It needed to be changed to a simple scutil command line to find the logged on user.

#!/bin/sh

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo $loggedInUser
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("device.login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values
("myworkday.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db

 

 

View original
Did this topic help you find an answer to your question?

sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • September 14, 2023

@DMH2000 Unfortunately as you've discovered Apple provides very few configuration options for Safari. If you want to pre-configure web browser settings to provide a better experience for your users you should consider standardizing on a different browser such as Mozilla Firefox, Google Chrome, or Microsoft Edge which all offer significantly more options that can be managed.


DMH2000
Forum|alt.badge.img+7
  • Valued Contributor
  • September 14, 2023

Thanks @sdagley but Intune integrations needs Safari as other browsers fail right away. I figured it had to do with Apple's lack of options.

The reason yiou need Safari is from another thread: Users must have Safari set as the default browser because jamfAAD calls MSAL (https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview) to do the auth. And then MSAL calls Safari via the ASWebAuth framework (https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession) and that is using Safari.


DMH2000
Forum|alt.badge.img+7
  • Valued Contributor
  • September 14, 2023

I'll answer my own question here. There is an old script out there that uses a python command that doesn't work anymore. It needed to be changed to a simple scutil command line to find the logged on user.

#!/bin/sh

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo $loggedInUser
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("device.login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values
("myworkday.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db

 

 


DMH2000
Forum|alt.badge.img+7
  • Valued Contributor
  • September 14, 2023

 I removed the Workday.com item... but you can see the script populated the Pop-Up Windows items.


sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • September 14, 2023
DMH2000 wrote:

I'll answer my own question here. There is an old script out there that uses a python command that doesn't work anymore. It needed to be changed to a simple scutil command line to find the logged on user.

#!/bin/sh

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo $loggedInUser
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("device.login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values
("myworkday.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db

 

 


@DMH2000 Good find. Now to see how long before Apple breaks/fixes the ability to do that. :-(


Forum|alt.badge.img
  • New Contributor
  • September 14, 2023
DMH2000 wrote:

I'll answer my own question here. There is an old script out there that uses a python command that doesn't work anymore. It needed to be changed to a simple scutil command line to find the logged on user.

#!/bin/sh

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo $loggedInUser
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("device.login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values
("myworkday.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db

 

 


Im getting a authorization denied message when trying to run the script, testing line by line the name is being gotten correctly, but sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("temple.edu","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db is not working. This is on a freshly cleared m1 mini on Sonoma but I ran it manually on my 27ich pro on Ventura and had same error.


DMH2000
Forum|alt.badge.img+7
  • Valued Contributor
  • September 14, 2023
jharm wrote:

Im getting a authorization denied message when trying to run the script, testing line by line the name is being gotten correctly, but sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("temple.edu","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db is not working. This is on a freshly cleared m1 mini on Sonoma but I ran it manually on my 27ich pro on Ventura and had same error.


@jharm I ran it manually as a script such as 'sudo sh safari.sh'.  Maybe try that


DMH2000
Forum|alt.badge.img+7
  • Valued Contributor
  • October 3, 2023
jharm wrote:

Im getting a authorization denied message when trying to run the script, testing line by line the name is being gotten correctly, but sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("temple.edu","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db is not working. This is on a freshly cleared m1 mini on Sonoma but I ran it manually on my 27ich pro on Ventura and had same error.


Yeah I get that and also PerSitePreferences.db not exists.  I think I'l give up now.


Forum|alt.badge.img+12
  • Valued Contributor
  • February 9, 2024

I just used this solution today, @DMH2000. Happy to see it still works!

We had a request to do the same thing with Firefox and Chrome for an internal site. Chrome seems to require Chrome Cloud configuration, but it looks like Firefox can be configured the same way with a "defaults write" command. My teammate who does most of our scripting is stoked to expand this into an extensible script with parameters.


Forum|alt.badge.img+3
  • New Contributor
  • August 16, 2024
DMH2000 wrote:

I'll answer my own question here. There is an old script out there that uses a python command that doesn't work anymore. It needed to be changed to a simple scutil command line to find the logged on user.

#!/bin/sh

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo $loggedInUser
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("device.login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values ("login.microsoftonline.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db
sudo -u $loggedInUser echo 'insert into preference_values (domain,preference,preference_value) values
("myworkday.com","PerSitePreferencesPopUpWindow",2)'|sqlite3 /Users/$loggedInUser/Library/Safari/PerSitePreferences.db

 

 


Would this work on an iPad too or just a Macbook?


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings