Run a script on jamf pro server

BCPeteo
Contributor III

Is there any way to get JAMF to run a script locally on a JAMF Pro server?

I am trying to find a good solution to create a bearer token to pass to a script, as I do not want to pass an API username/password, base64, or encrypted credentials to a script that gets a bearer token, as these will all eventually be viewable on the user's machine. If there were a way for a script to be run locally on the Jamf server to create the bearer token that could then be passed to a policy, at least it would be more secure, as we have control over the JAMF server. Any solutions out there?

5 REPLIES

jamf-42
Valued Contributor II

Unless I'm reading the documentation wrong (very possible), you don't want to run API calls from the endpoint (people do, not sure they should), as how would you rate limit this?

Maybe something like Postman would help? 

 


Yes. The API script would be run once daily per computer check-in to get info from an LDAP field, which would store that info in a plist on the user's system.

jamf-42
Valued Contributor II

Thanks, this is really interesting. But it seems you need a separate webserver setup, and it does not seem like it would work, as you would need the bearer token created before an event happened, not after.

This tool looks real nice though:

https://marketplace.jamf.com/details/jawa

Probably will look into other solutions to run an API script to do everything on a secure server. Bummer Jamf does not offer a way to generate an API bearer token on the fly to pass to a policy script.

AJPinto
Honored Contributor III

I think we need to step back and talk about what problem you are trying to solve, then discuss possible solutions.

 

Is what you are asking possible? Yes, you need to stand up a separate webserver and have the scripting run as a scheduled task. Ideally this should be done on a totally separate server/VM rather than the same server that Jamf is hosted on. However, keep in mind you are literally writing an appliance/application and there are likely tools that already do what you are wanting.
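As an added example (not code from this thread or from Jamf), here is one way the scheduled task on a separate server could obtain, cache, and revoke a Jamf Pro bearer token so the API credentials never reach an endpoint. It assumes the Jamf Pro API endpoints `/api/v1/auth/token` and `/api/v1/auth/invalidate-token`; the class name `JamfTokenBroker` and the `JAMF_URL`, `JAMF_API_USER`, `JAMF_API_PASS` environment variables are hypothetical.

```python
import base64, json, os, urllib.request
from datetime import datetime, timedelta, timezone

class JamfTokenBroker:
    """Keeps the API credentials server-side and hands out a cached bearer token."""

    def __init__(self, base_url, user, password, opener=urllib.request.urlopen):
        self.base_url = base_url.rstrip("/")
        self._basic = base64.b64encode(f"{user}:{password}".encode()).decode()
        self._open = opener  # injectable so the logic can be exercised offline
        self._token = None
        self._expires = datetime.min.replace(tzinfo=timezone.utc)

    def _post(self, path, auth):
        req = urllib.request.Request(
            self.base_url + path, method="POST",
            headers={"Authorization": auth, "Accept": "application/json"})
        with self._open(req, timeout=15) as resp:
            return resp.read()

    def token(self, now=None, margin=timedelta(seconds=60)):
        """Return a valid token, requesting a new one shortly before expiry."""
        now = now or datetime.now(timezone.utc)
        if self._token is None or now >= self._expires - margin:
            body = json.loads(self._post("/api/v1/auth/token", f"Basic {self._basic}"))
            # "expires" is an ISO 8601 UTC stamp; drop fractional seconds and "Z".
            stamp = body["expires"].split(".")[0].rstrip("Z")
            self._expires = datetime.strptime(
                stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
            self._token = body["token"]
        return self._token

    def invalidate(self):
        """Revoke the cached token once the scheduled job has finished."""
        if self._token:
            self._post("/api/v1/auth/invalidate-token", f"Bearer {self._token}")
            self._token = None

if __name__ == "__main__":
    # Hypothetical variable names; set them only on the controlled server.
    broker = JamfTokenBroker(os.environ["JAMF_URL"],
                             os.environ["JAMF_API_USER"],
                             os.environ["JAMF_API_PASS"])
    try:
        bearer = broker.token()
        # ... make the API calls from this server with `bearer` ...
    finally:
        broker.invalidate()
```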