What about Spruce, python-jss, jss_helper and JSSRecipeCreator? My organisation took the decision to end its reliance on JSSImporter, and we are fully migrating our AutoPkg recipes to JamfUploader. The answer to this question is probably “no”, or at least not by me. Will JSSImporter be updated to use token-based authentication? After this happens, you will need to remain on a version of Jamf Pro that supports Basic Authentication (if you are an on-premises customer), or migrate to another workflow such as using JamfUploader, PatchBot or Munki. Jamf have stated that Basic Authentication will be removed as an option “later this year”. How long can I continue to use JSSImporter? Scroll to the bottom and ensure that the setting Allows Basic authentication in addition to Bearer Token authentication is enabled. To do this, navigate to Settings > Jamf Pro User Accounts & Groups, and click on the Password Policy button. If you use JSSImporter, you must ensure that Basic Authentication is enabled in your Jamf Pro settings. JSSImporter does not support token-based authentication. Can I use the JSSImporter processor token-based authentication? JamfUploader also continues to work on older versions of Jamf Pro which don’t yet support token-based authentication. If you are using Jamf Pro 10.36.0, it is safe to disable Basic Authentication. If you are a JamfUploader user, you don’t have to make any changes other than ensuring that the grahampugh-recipes repo has been updated. Yes! The JamfUploader processors for AutoPkg support token-based authentication. Can I use the JamfUploader processors for AutoPkg with token-based authentication? This post is designed to answer questions regarding the impact of these changes on the tools I maintain which rely on the Jamf Pro APIs. With version 10.36.0, released this week, Jamf have now introduced the option to disable Basic Authentication for the Classic API endpoints. Jamf introduced token-based authentication for its Classic API with version 10.35.0, whilst continuing to support the older Basic Authentication method. The bearer token expires after a period of time, after which you have to grab another. Subsequent API requests to other endpoints use this bearer token as authentication. This works by sending a regular Basic Authentication request to a specific token-generating API endpoint, which returns a “bearer token”. The newer API, known as the “Jamf Pro API” (and formerly known as the “UAPI”), has used token-based authentication since its introduction. The Jamf Pro Classic API traditionally uses Basic Authentication - that is, for every request, you supply the username and password of an account that has the permissions required. It returns the full computer record, but I just show the ID.It’s time to plan your migration away from JSSImporter… About the Jamf Pro APIs Using the classic API, find the JAMF ID of the computer the script is running on. This is an experimental script that didn't pan out as well as I had hoped, YMMV. This is a Pro API rewrite of my Classic API script found here: copy_config_profile.py This is a bare bones demonstration of how to use the new Pro API token login. I'm not saying this is the best way, but it works for me. There are many ways of removing sensitive info from a script. Thanks for stopping by! Included Scripts local_credentials_template.pyĪdd your specific JAMF server info and rename to local_credentials.py. In the future, as I find additional interesting techniques or methods, I'll add them here. With the Pro API, an API access token is requested once for the life of the script, and then used to authenticate going forward. With the Classic API, every call to the API needed to include a valid username and password. This project demonstrates the key difference between the two APIs: authentication. The Jamf Pro API has really improved, though is considered still in beta.
0 Comments
Leave a Reply. |