Introduction to the
The configuration file can be installed in the following ways:
- Method one: using Apple Configurator 2
- Method two: through email
- Method three: through a web page
- Method four: over-the-air

Here we use method three. The configuration file installation goes through three processes: downloading the file through the web page, installing the file as prompted, device authentication, and updating the Token information.
Device authentication
The device proactively accesses the CheckInURL with a PUT request and submits its device information as follows:
### 20170807 update: Does this operation happen with no app installed and no other visible operation? Why a PUT request? My understanding and answers
Question 1: Yes, no manual operation is required. This request is initiated automatically by iOS when the configuration file is installed. iOS supports the MDM service and implements the MDM protocol. This protocol is similar to the HTTP protocol in that it is a communication mechanism: as long as the client and the server both implement the protocol, the two sides can communicate normally. Here the client side is handled by iOS itself, so all we have to do is implement the server side. The simple operations below show that the messages are sent in XML format with fixed fields. For the command names and fields of other operations, see Apple's official MDM protocol documentation.
Question 2: MDM communication is conducted in the form of PUT requests. Why PUT requests? As I understand it, the protocol is implemented on top of PUT requests; this is Apple's choice, and we just have to comply with the protocol requirements.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>BuildVersion</key>
<string>13D15</string>
<key>IMEI</key>
<string>35 884805 093285 4</string>
<key>MEID</key>
<string>35884805093285</string>
<key>MessageType</key>
<string>Authenticate</string>
<key>OSVersion</key>
<string>9.2.1</string>
<key>ProductName</key>
<string>iPad4,5</string>
<key>SerialNumber</key>
<string>F4KMG0FSFLMM</string>
<key>Topic</key>
<string>com.apple.mgmt.External.*</string>
<key>UDID</key>
<string>UDID</string>
</dict>
</plist>
As you can see above:
- MessageType: the message type. Here the value is Authenticate.
- Topic: the push topic, that is, the User ID in the certificate.
- UDID: the unique identifier of the device.

After receiving the request, the server performs different data processing operations according to the value of MessageType, and then responds with an empty dictionary to complete authentication:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict></dict>
</plist>
The device sends a TokenUpdate message
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AwaitingConfiguration</key>
<false/>
<key>MessageType</key>
<string>TokenUpdate</string>
<key>PushMagic</key>
<string>2969ACF9-DD9C-46D2-8784-F0949CB25BB9</string>
<key>Token</key>
<data>
m200tX8dSj/oBDKKlBpy1NRTQzvfOLNYa1rB7A0/rUM=
</data>
<key>Topic</key>
<string>com.apple.mgmt.External.bc2c8764-9ce5-4fd3-9330-4036325a91cc</string>
<key>UDID</key>
<string>233deb277d03bd4aaf91108390c7d9fe2c49c8be</string>
<key>UnlockToken</key>
<data>
REFUQQAABO... <!-- Base64 encoded string required to lock the screen -->
</data>
</dict>
</plist>
Main parameters:
- PushMagic: the unique identifier (similar to a token) that the MDM server uses to mark the device when pushing. This identifier must be carried when sending messages to APNs.
- Token: the token of the device.
- UnlockToken: the token used to clear the device password.

The server responds with empty data and terminates the connection:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Date: Wed, 26 Apr 2017 07:33:48 GMT
After the device is registered, you can view its information in the server's back-end console.
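
A minimal server-side handler for the two check-in messages described above, as an added example that is not code from the original post: it parses the PUT body, dispatches on MessageType, and replies with an empty dictionary or an empty body as the post describes. The function and store names, the sample values, and the 400/401 rejection codes are assumptions of this example.

```python
import plistlib

# Fields each check-in message must carry, with the type plistlib decodes them to.
REQUIRED = {
    "Authenticate": {"UDID": str, "Topic": str},
    "TokenUpdate": {"UDID": str, "Topic": str, "PushMagic": str, "Token": bytes},
}
EMPTY_DICT = plistlib.dumps({})  # the empty-dictionary plist reply

def handle_checkin(body, devices):
    """Process one PUT body sent to the CheckInURL; return (status, reply)."""
    try:
        msg = plistlib.loads(body, fmt=plistlib.FMT_XML)
    except Exception:  # malformed XML or not a plist
        return 400, b""
    mtype = msg.get("MessageType") if isinstance(msg, dict) else None
    fields = REQUIRED.get(mtype) if isinstance(mtype, str) else None
    if fields is None or not all(
        isinstance(msg.get(k), t) and msg[k] for k, t in fields.items()
    ):
        return 400, b""
    udid = msg["UDID"]
    if mtype == "Authenticate":
        devices[udid] = {"enrolled": False}  # known, but not yet pushable
        return 200, EMPTY_DICT
    if udid not in devices:
        # Policy of this example: no TokenUpdate without a prior Authenticate.
        return 401, b""
    record = {k: msg[k] for k in ("Topic", "PushMagic", "Token")}
    if isinstance(msg.get("UnlockToken"), bytes):
        # Clears the device passcode: store encrypted, never write to logs.
        record["UnlockToken"] = msg["UnlockToken"]
    devices[udid].update(record, enrolled=True)
    return 200, b""

# Constructed sample messages (not captured from a real device).
SAMPLE_AUTH = plistlib.dumps({
    "MessageType": "Authenticate", "UDID": "constructed-udid-0001",
    "Topic": "com.apple.mgmt.External.constructed",
})
SAMPLE_TOKEN = plistlib.dumps({
    "MessageType": "TokenUpdate", "UDID": "constructed-udid-0001",
    "Topic": "com.apple.mgmt.External.constructed",
    "PushMagic": "constructed-push-magic", "Token": b"\x01" * 32,
    "UnlockToken": b"\x02" * 16,
})

if __name__ == "__main__":
    store = {}
    for sample in (SAMPLE_TOKEN, SAMPLE_AUTH, SAMPLE_TOKEN):
        print(handle_checkin(sample, store)[0])
```

The first TokenUpdate in the demo is rejected because the device has not authenticated yet; the same message is accepted once Authenticate has been processed.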