Merge pull request #516 from TheJumpCloud/SA-3558_multi_ssid_support

1.0.6 multi ssid and non-exportable macos certs

scripts/automation/Radius/Changelog.md

@@ -1,3 +1,17 @@
+## 1.0.6
+
+Release Date: September 25, 2023
+
+#### RELEASE NOTES
+
+```
+Certificates distributed to macOS device are now imported using the -x flag to prevent them from being exported.
+```
+
+#### Bug Fixes:
+
+- For users with multiple SSIDs where one SSID has a space in the name, previous versions of the script could not account for this. This version addresses this change by passing text with a ';' delimiter rather than a space.
+
 ## 1.0.5
 
 Release Date: July 20, 2023

scripts/automation/Radius/Config.ps1

@@ -9,8 +9,8 @@ $JCUSERCERTPASS = 'secret1234!'
 # USER CERT Validity Length (days)
 $JCUSERCERTVALIDITY = 90
 # List Of Radius Network SSID(s)
-# For Multiple SSIDs enter as a single string seperated by spaces ex:
-# "CorpNetwork_Denver CorpNetwork_Boulder"
+# For Multiple SSIDs enter as a single string seperated by a semicolon  ex:
+# "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network"
 $NETWORKSSID = "YOUR_SSID"
 # OpenSSLBinary by default this is (openssl)
 # NOTE: If openssl does not work, try using the full path to the openssl file
@@ -37,7 +37,7 @@ $CertType = "UsernameCn"
 # Do not modify below
 ################################################################################
 
-$UserAgent_ModuleVersion = '1.0.5'
+$UserAgent_ModuleVersion = '1.0.6'
 $UserAgent_ModuleName = 'PasswordlessRadiusConfig'
 #Build the UserAgent string
 $UserAgent_ModuleName = "JumpCloud_$($UserAgent_ModuleName).PowerShellModule"

scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1

@@ -163,7 +163,7 @@ if [[ `$currentUser ==  $($user.localUsername) ]]; then
     fi
 
     if [[ `$import == true ]]; then
-        /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
+        /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
         if [[ `$? -eq 0 ]]; then
             echo "Import Success"
             # get the SHA hash of the newly imported cert
@@ -181,8 +181,9 @@ if [[ `$currentUser ==  $($user.localUsername) ]]; then
     fi
 
     # check if the cert secruity preference is set:
-    for i in `${networkSsid[@]}; do
-        echo "begin sertting network SSID: `$i security certificate"
+    IFS=';' read -ra network <<< "`$networkSsid"
+    for i in "`${network[@]}"; do
+        echo "begin setting network SSID: `$i"
         if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
             echo "it was already set"
         else
@@ -196,7 +197,6 @@ if [[ `$currentUser ==  $($user.localUsername) ]]; then
         fi
     done
 
-
     # print results
     echo "################## Cert Install Results ##################"
     echo "Installed Cert SN: `$installedCertSN"