From 8dc92c9ada47eaa7ce00c2bc48a55db6d6f88132 Mon Sep 17 00:00:00 2001 From: Charles Edge Date: Mon, 8 Apr 2019 09:25:06 -0500 Subject: [PATCH] Update README.md Add reamde --- README.md | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/README.md b/README.md index ce7028c..6cee8f7 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,64 @@ # CertificateSDK Get Certificates From Jamf Pro Into Your iOS Apps + +## Jamf Certificate SDK + +###### Framework Architectures + +The included framework ships with two simulator architectures (i386 and x86_64) and two device architectures +(armv7 and arm64). This allows third-party app developers to use the framework both in their own simulators +running on their development Macs, and on actual devices. + +When building the third-party app, only some of these architectures are going to be useful for an individual build of +the app. The framework includes a bash script that should run within an Xcode "Run Script" build phase to thin out +the framework of unused architectures. Look at the example app's Run Script build phase for a working example of +this. + +`bash "${BUILT_PRODUCTS_DIR}/${FRAMEWORKS_FOLDER_PATH}/CertificateSDK.framework/ios-strip-framework.sh" CertificateSDK` + + +#### Managed App Config Required Settings + +To ensure proper use of the SDK, the iOS app is required to be distributed by Jamf Pro. During distribution, an App Configuration +can be specified that will let the SDK communicate with Jamf Pro and request the proper certificate. Here is a sample App Configuration +that can be used as a basis for your own app. + +Note that you can add your own key/value pairs to the App Configuration to configure other parts of your app. Jamf's keys are all prefixed +with `com.jamf.config.` so they will not clash with your own naming conventions for keys. + + + com.jamf.config.jamfpro.invitation + $MOBILEDEVICEAPPINVITE + com.jamf.config.device.udid + $UDID + com.jamf.config.jamfpro.url + https://the_jamf_pro_server_url_goes_here/ + com.jamf.config.certificate-request.pkiId + 1 + com.jamf.config.certificate-request.template + User2 + com.jamf.config.certificate-request.subject + cn=something + com.jamf.config.certificate-request.sanType + rfc822Name + com.jamf.config.certificate-request.sanValue + somebody@example.com + + +###### MAC key discussion + +com.jamf.config.jamfpro.url: The value should be filled in with your Jamf Pro Server's URL. + +The keys prefixed with `com.jamf.config.certificate-request` are used during certificate generation. They will +be specific to your organization. You should confer with those responsible for Jamf Pro and your Certificate Authority to ensure +the proper settings are configured for your app. + +* pkiId: (an integer but typed as string in the MAC) Jamf Pro ID of the PKI Integration/Certificate Authority to be used; find this in the Jamf Pro +web UI at Settings > PKI Certificates > Your ADCS CA settings and then look in the URL bar for the number after "id=". You should have a URL something like "adcsSettings.html?id=3" +* template: (string) Certificate template name as defined in your CA +* subject: (string) Subject to include in the certificate signing request +* sanType: (string) One of 'rfc822Name', 'dNSName', or 'uniformResourceIdentifier' +* sanValue: (string) Subject Alternative Name to include in the certificate signing request + +With the subject and sanValue fields, variable substitution is available as discussed under "Payload Variables for Mobile Device Configuration Profiles" at +http://docs.jamf.com/jamf-pro/administrator-guide/Mobile_Device_Configuration_Profiles.html