Tyler Morgan edited this page Oct 16, 2019 · 6 revisions

Please be patient as we update our Wiki. 😄

Getting LoanShark Assets

  1. Go to https://github.com/cybertunnel/LoanShark/releases
  2. Download the latest LoanShark-Installer.zip and the LoanShark.app, then unzip it.

Determine Authentication Method

Jamf Pro or Shared Secret/Passphrase

Authentication is used to ensure only authorized folks are able to manage the loaner period and configuration. If you have a Jamf Pro instance, it is recommended to use Jamf Pro’s authentication to ensure full integration.

Jamf Pro Based Authentication

LoanShark uses Jamf’s UAPI endpoints to perform the authentication and obtains the authenticated user’s group memberships to check whether they are authorized to administer the loaner.

  1. Navigate to your Jamf Pro instance, and select the gear in the top right corner to open Jamf Pro’s settings.
  2. Click Jamf Pro User Accounts & Groups under System Settings.
  3. Select the group which you want to allow the ability to manage LoanShark under Jamf Pro User Groups.
  4. In your navigation bar, copy the URL.
    • Should look like: https://mdm.acme.com:8443/groups.html?id=1&o=r
  5. Take note of the ID of the group you wish to grant access. In the example the group ID was 1.

Note: LoanShark supports multiple groups being able to administer the loaning period; perform steps 3 and 4 again until all the group IDs you need are recorded.

Shared Secret/Passphrase Based Authentication

Available in: Version 0.3+

This method is MDM agnostic and might be more ideal in specific situations than the Jamf Pro integration.

Note: If using the command line interface and/or automation, you still need to generate the SHA256 hash to allow secure authentication at the command line level.

  1. Determine the password or passphrase you want to use to authenticate against
    • Example: SuperMonkey<3Banana2019
  2. Generate a SHA256 hash using your tool of choice
    • You could use an online generator like this one
    • You should get a hash like AA4F41A3CF9478B0C5933B35E847BE4BF5AF13DA002B5AD6C1D67EE6EA88BC56
      • The above was created using the example passphrase
  3. Save the generated hash

Configuring LoanShark Preferences

LoanShark uses User Preferences which can be controlled by a plist file, through the defaults command, and/or through a configuration profile.

Note: The manual method, which is the default, could enable a user who has sudo privileges to edit LoanShark settings. This would include changing the SharedSecret key.

Manual Method

In payload/Library/Preferences you will find com.github.cybertunnel.LoanShark.plist; this is a Property List (plist) in XML format. This file contains settings which LoanShark uses to provide a custom experience.

Open this .plist file in your favorite editor. Some suggested ones are Xcode, or PlistEdit Pro which is available on their website.

Check out the Preference Keys section of this page for what each key does.

Configuration Profile

Note: If using Jamf Pro, it is best to upload the plist to the Custom Payload section of the Configuration Profile Creation screen. This automatically creates a configuration profile for use inside your environment.

Update the configuration profile below with the correct values for your configuration:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
    <dict>
        <key>PayloadUUID</key>
        <string>FF1D8EE8-F7D6-4159-818F-64B694B22FD7</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadOrganization</key>
        <string>Acme Corporation</string>
        <key>PayloadIdentifier</key>
        <string>FF1D8EE8-F7D6-4159-818F-64B694B22FD7</string>
        <key>PayloadDisplayName</key>
        <string>LoanShark Configuration</string>
        <key>PayloadDescription</key>
        <string/>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadRemovalDisallowed</key>
        <true/>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadUUID</key>
                <string>C86CE3CB-68E6-4BFD-B207-94A4A8A1C99E</string>
                <key>PayloadType</key>
                <string>com.apple.ManagedClient.preferences</string>
                <key>PayloadOrganization</key>
                <string>Acme Corporation</string>
                <key>PayloadIdentifier</key>
                <string>C86CE3CB-68E6-4BFD-B207-94A4A8A1C99E</string>
                <key>PayloadDisplayName</key>
                <string>Custom</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>PayloadContent</key>
                <dict>
                    <key>com.github.cybertunnel.LoanShark</key>
                    <dict>
                        <key>Forced</key>
                        <array>
                            <dict>
                                <key>mcx_preference_settings</key>
                                <dict>
                                    <key>lockoutMessage</key>
                                    <string>This loaning period has expired. Please return to the IT member listed below.</string>
                                    <key>logoffTimer</key>
                                    <integer>60</integer>
                                    <key>jamfURL</key>
                                    <string>mdm.acme.com</string>
                                    <key>authorizedGroupIDs</key>
                                    <array>
                                        <integer>1</integer>
                                        <integer>2</integer>
                                    </array>
                                    <key>extensionOptions</key>
                                    <array>
                                        <string>1 Day</string>
                                        <string>3 Days</string>
                                        <string>5 Days</string>
                                        <string>7 Days</string>
                                        <string>1 Week</string>
                                        <string>2 Weeks</string>
                                        <string>3 Weeks</string>
                                        <string>1 Month</string>
                                    </array>
                                </dict>
                            </dict>
                        </array>
                    </dict>
                </dict>
            </dict>
        </array>
    </dict>
</plist>

Preference Keys

LoanShark allows a unique and configurable experience; the keys below control it.

| Key Name | Type | Default | Description | Required | Example |
| --- | --- | --- | --- | --- | --- |
| jamfURL | String | none | The URL to your Jamf Pro instance. If not using Jamf Pro for authentication, check out the sharedSecret key | yes | mdm.acme.com |
| authorizedGroupIds | Array of Numbers | none | The Jamf Pro user group memberships of users who should be able to access LoanShark's management interfaces | yes | 1 |
| extensionOptions | Array of Strings | None Set | The options available for the user to select as extension possibilities | yes | 1 day |
| logOffTimer | Number | 60 | The amount of time, in seconds, until the user gets logged out after the Expiration screen gets displayed | no | 120 for 2 minutes |
| lockoutMessage | String | none | The message displayed to the end user when the loaning period expires | yes | Please return to your IT folks |
| enableDebugging | Bool | false | The ability to access debugging menus and features, read more here | no | YES |
| sharedSecret | String | none | This is a SHA256 hash of a password/secret. This enables authentication via the Command Line Interface, along with use without Jamf Pro | no (yes if using CLI) | D5F0EEA436EEC8980AAF136DE992A8ACBACEDBEF802390F56433988B28CBF181 |
| sharedSecretAuth | Bool | false | Ability to use the shared secret for authentication instead of username and password | NO | YES |
| jamfCloud | Bool | false | Use Jamf Cloud's 443 port instead of the default 8443 | NO | YES |

Build LoanShark Package

Before building your package, make sure you check the following:

  • The payload/Library/Preferences/com.github.cybertunnel.LoanShark.plist is configured
    • If using Configuration Profile, ensure it is actively being deployed to your loaners
  • Ensure LoanShark.app exists in payload/Library/Application Support/LoanShark/

Once everything is checked, in Terminal run the build_pkg.sh script located in the installer folder.

Deploy

Deploying the installer is unique for each environment, so deploy like any of your other packages.

If using a Configuration Profile, ensure your loan devices are receiving the LoanShark profile.

Grab a 🍺, Have Fun Testing! 🧪