MDM Push Notification iOS, not received on iOS Device - ios

I know it's a duplicate question; the existing solutions are not working for me, and I have tried almost all of them by now.
What I have done so far:
1) MDM profile is getting installed on Device.
2) I am able to receive Push notification token and push magic string on my localhost server.
My server and client environment is:
1) Server side: I am using Rails with a self-signed SSL certificate for the localhost environment.
2) Client side: iOS 10.3. The device is connected on the LAN, and MDM profile installation is working fine.
References I am following:
To create the MDM payload and push notification certificate
To send the notification to the device, a Rails gem
Source code for sending the notification to the device is:
    apns_p12 = File.binread('my_cert.p12')   # .p12 is binary, so read it without text-mode conversion
    token    = '[device token string]'
    payload  = { mdm: '[push magic string]' }
    AppleShove.notify(p12: apns_p12, device_token: token, payload: payload,
                      expiration_date: Time.now + 60 * 60, priority: 5)
When the above code executes, we receive the response that the notification was sent to the device and delivered, but the device never requests our server to pull the new configuration.
Note:
I am able to download the certificate from https://identity.apple.com/pushcert/
Once I used only the .p12 of the certificate downloaded from identity.apple.com.
Once I used of downloaded certificate from identity.apple.com.
Once I used cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem, with a passphrase and without a passphrase.

Related

Silent push notification (background) not received on macOS Catalina (Catalyst app)

I'm currently implementing push notifications from our backend server to our app (macOS Catalina & iOS - same code base), using Apple Push Notifications & the token based way of authentication (generating JWT from keyId, teamId, ... & signing it with the private key generated in the Apple developer console) to send pushes to APN service.
The problem I am facing is that I can successfully send "alert" notifications (status 200, with header apns-push-type: alert) and receive them on my iOS and macOS devices (the push notifications appear successfully in production and sandbox mode), but for some reason "silent" pushes (with header apns-push-type: background) are only received on my iOS device (iPhone), not on my Mac (didReceiveRemoteNotification(...) in AppDelegate is never called).
What I have done so far:
Made sure APN request header is correctly configured for silent push: apns-push-type: background
Made sure to have the correct APN topic header: apns-topic: my.bundle.id (this is different for sandbox/production)
Added the "semi-required" priority header: apns-priority: 5 (only when delivering background pushes)
Verified that the created JWT is valid and used in the APN auth header: authorization: mytoken (this must be the case, otherwise APN service would not respond with status 200)
Confirmed that my application has the correct entitlements & capabilities defined in Xcode (my reasoning: this must be the case, otherwise 'alert' push notifications would also not work)
Double checked that push notifications for the Mac app are allowed/enabled (checked system settings)
Made sure the device token I'm sending the push to is actually from the device intended to receive the push (e.g. my MacBook)
Checked that the private key I'm using to sign the JWT has the APN capability
Tested while the Mac app is running but not in focus & also when in focus
The APNs requests I am performing to send the push are:
Sandbox: POST https://api.sandbox.push.apple.com/3/device/{deviceToken}
Production: POST https://api.push.apple.com/3/device/{deviceToken}
The payload (JSON) I'm sending to APN service in the request body looks as follows:
    {
      "aps": {
        "content-available": 1   # defines push as "silent"
      },
      "data": { #some key-value pairs here }
    }
In any case (both production & sandbox, both with the device token of iOS and macOS), my request to APN returns with a status code 200. My MacBook is running Catalina 10.15.3. What am I possibly doing wrong here or is that something that is simply not supported for Catalyst apps?
Wow doozy question. I'm reasonably familiar with APNs headaches but something popped out at me from the latest docs:
Additionally, the notification's POST request should contain the apns-push-type header field with a value of background, and the apns-priority field with a value of 5. The APNs server requires the apns-push-type field when sending push notifications to Apple Watch, and recommends it for all platforms. For more information, see Create and Send a POST Request to APNs.
Does the priority 5 thing make a difference?
Also, my usual approach to fixing these problems is to test in an archive as opposed to an Xcode build. AFAIK the prod push server can only send to App Store, ad-hoc, enterprise, or TestFlight builds, so if you're just building from Xcode I don't think you'd get any push notifications with production APNs.
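The pieces the poster lists above (a token-based provider JWT, the apns-push-type/apns-priority/apns-topic headers, and a content-available payload) are assembled below as an added example in Ruby using only the standard library. It is not code from the question or the answer, and it sends nothing: it builds the ES256 provider token the authorization header carries, checks it against the key, and validates that a payload is a proper background push (content-available: 1, no alert/badge/sound, under 4 KB) with priority 5. The key ID, team ID and bundle ID are placeholders, and the P-256 key in the demo is generated on the fly as a stand-in for the downloaded AuthKey_<kid>.p8 file.

```ruby
require 'openssl'
require 'json'
require 'base64'

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# OpenSSL returns ECDSA signatures as DER (SEQUENCE of two INTEGERs);
# JOSE/ES256 wants r and s as fixed 32-byte big-endian values concatenated.
def ecdsa_der_to_raw(der)
  r, s = OpenSSL::ASN1.decode(der).value.map(&:value)
  r.to_s(2).rjust(32, "\x00") + s.to_s(2).rjust(32, "\x00")
end

def ecdsa_raw_to_der(raw)
  r = OpenSSL::BN.new(raw[0, 32], 2)
  s = OpenSSL::BN.new(raw[32, 32], 2)
  OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(r),
                               OpenSSL::ASN1::Integer.new(s)]).to_der
end

# key_pem: contents of the AuthKey_<kid>.p8 file; key_id: the 10-character
# Key ID shown next to it in the developer portal; team_id: the Team ID.
# APNs rejects tokens whose iat is more than an hour old, so sign one token
# and reuse it for up to ~50 minutes rather than signing per request.
def apns_provider_token(key_pem, key_id:, team_id:, issued_at: Time.now.to_i)
  key    = OpenSSL::PKey::EC.new(key_pem)
  header = b64url(JSON.generate('alg' => 'ES256', 'kid' => key_id))
  claims = b64url(JSON.generate('iss' => team_id, 'iat' => issued_at))
  input  = "#{header}.#{claims}"
  der    = key.sign(OpenSSL::Digest.new('SHA256'), input)
  "#{input}.#{b64url(ecdsa_der_to_raw(der))}"
end

# Sanity check before sending: the signature verifies against the key and the
# token is still inside APNs' one-hour window.
def provider_token_valid?(jwt, key_pem, now: Time.now.to_i)
  header, claims, sig = jwt.split('.')
  return false unless header && claims && sig
  raw = Base64.urlsafe_decode64(sig)
  return false unless raw.bytesize == 64
  key = OpenSSL::PKey::EC.new(key_pem)
  return false unless key.verify(OpenSSL::Digest.new('SHA256'), ecdsa_raw_to_der(raw), "#{header}.#{claims}")
  now - JSON.parse(Base64.urlsafe_decode64(claims))['iat'] < 3600
end

# Headers Apple documents for a background push: apns-push-type must be
# "background" and apns-priority must be 5 (priority 10 is rejected for this
# type). apns-topic is the app's bundle ID.
def background_push_headers(jwt, bundle_id:)
  {
    'authorization'  => "bearer #{jwt}",
    'apns-topic'     => bundle_id,
    'apns-push-type' => 'background',
    'apns-priority'  => '5',
  }
end

# Returns the list of things wrong with a payload meant as a silent push;
# empty means it is one. Alert/badge/sound turn it into a visible
# notification, and 4 KB is the limit for non-VoIP pushes.
def background_payload_problems(payload)
  aps = payload['aps']
  return ['aps dictionary missing'] unless aps.is_a?(Hash)
  problems = []
  problems << 'content-available must be 1' unless aps['content-available'] == 1
  %w[alert badge sound].each { |k| problems << "#{k} not allowed in a background push" if aps.key?(k) }
  problems << 'payload exceeds 4096 bytes' if JSON.generate(payload).bytesize > 4096
  problems
end

def apns_url(device_token, sandbox: false)
  host = sandbox ? 'api.sandbox.push.apple.com' : 'api.push.apple.com'
  "https://#{host}/3/device/#{device_token}"
end

if $PROGRAM_NAME == __FILE__
  # Constructed demo: a throwaway P-256 key standing in for AuthKey_<kid>.p8.
  demo_key = OpenSSL::PKey::EC.generate('prime256v1').to_pem
  jwt = apns_provider_token(demo_key, key_id: 'ABC123DEFG', team_id: 'TEAM123456')
  puts apns_url('0123abcd', sandbox: true)
  puts background_push_headers(jwt, bundle_id: 'com.example.app').inspect
  puts background_payload_problems('aps' => { 'content-available' => 1, 'alert' => 'oops' }).inspect
end
```

The checks here are the ones worth running when APNs answers 200 but nothing arrives: a 200 only means the request was well-formed and the token verified, not that the payload qualifies as a background push on the receiving platform.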

iOS MDM Device Polling and APNs Certificate

I'm developing an iOS MDM server as my project and I have almost completed it.
I created all the necessary files manually including the mobileconfig file and installed the profile.
The device polls the URL mentioned in Server URL often with an Idle message. I read that the Idle message indicates that the device is checking the server for commands and we can send a plist response as a command.
My question is, if all the devices poll the MDM server frequently, what is the need for the .pem file and APNs certificate? Should we send a push notification to the device like below, the way we send push notifications to our iOS apps?
    {
      "aps": {
        "id": 10,
        "message": "Hello world!",
        "from": "Ram"
      }
    }
If this is what we should do, what should we send in the payload?
EDIT:
I found out the solution for sending push notifications.
    com.notnoop.apns.ApnsService apnsService = com.notnoop.apns.APNS.newService()
        .withCert(<pushCertStream>, <pushCertPass>).withProductionDestination().build();
    apnsService.push(token, com.notnoop.apns.APNS.newPayload().mdm(pushMagic).build());
When push notification is sent like this, the device responds with an Idle Message and we can send commands to the device.
A few more doubts:
1) When does Apple check the SSL certificate of the profile? I'm sure it checks during profile installation, because my profile installation has failed many times due to a wrong SSL certificate. Does Apple also check the SSL certificate when sending a push notification, as I have noticed a class com.notnoop.exceptions.InvalidSSLConfig? Does it check whether the server sending the push notification has the SSL certificate specified in the profile?
EDIT
When the server sends a push notification to the device, the device responds with an Idle message to the URL specified in Server URL. What happens if the SSL certificate is invalid at this point? Does it produce an error?
2) Can multiple servers have the same push notification certificate, to reduce the load on a single server sending push notifications and commands to devices? Will there be any conflict?
3) Is there any limit to the number of push notifications sent using a single push notification certificate? If not, can it handle any number of push notifications?
4) Can the Check-in URL and Server URL in the profile be different?
EDIT
Can the Check-in URL and Server URL be on different servers, i.e.,
CheckIN URL : https://www.domainone.com/MDM/
Server URL : https://www.domaintwo.com/MDM/
5) First question in this link (least important). Though the solution talks about expiration of the SSL certificate, it does not say anything about changing the SSL certificate.
EDIT 2
When a push notification certificate is renewed, how does a device with profile already installed update the certificate details in the device's profile?
1) When the MDM server sends a push notification to the device, the device responds to the server by contacting the Server URL. The SSL certificate of the server has to match the SSL certificate payload in the profile. If there are any conflicts, there will be an error. So the SSL certificate is checked every time the device contacts the Server URL. The error below will be produced if there are any conflicts.
Desc : The Server Certificate for "Server URL" is invalid.
Domain : MCHTTPTransactionErrorDomain
2) Yes, multiple servers can have the same push notification certificate. Each server just needs to know the password of the certificate.
3) I don't think there is any limit to the number of push notifications sent. Check the links below.
Reference 1
Reference 2
4) Your Server URL and Check-in URL can be different but should be of same host.
5) If the SSL Certificate is changed, the profile has to be deleted and a new profile has to be installed.
1) Hmm, AFAIK if your server has an SSL certificate then signing the profile with that certificate only verifies it. In terms of functionality I don't think it does anything. However, you do also need a certificate that is related to your server; this is the one that goes inside the plist as part of the payload. It'll need to be the same one that the server has. (Usually in .p12 format.)
2) Yes, you can have multiple servers, because essentially sending a push notification is just a request to Apple with the proper credentials.
3) I don't believe there is a limit to how many push notifications a certificate can send... but more so how frequently you're sending them (e.g. flooding Apple with push notification requests).
4) Yes, I strongly believe so, but you should double check this.
5) Again, the SSL certificate only makes the profile verified AFAIK (if we're strictly talking about MDM). (edit: I forgot that there was another .p12 certificate that you could embed inside the profile. This provides authentication between the device and the server and will need to be the same SSL cert.)
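The exchange the question and both answers describe (push with PushMagic, device POSTs Idle to the Server URL, server answers with a command plist or an empty body, device reports Acknowledged/Error/NotNow) is shown below as an added example in Ruby; it is not code from the question, the answers, or any MDM product. The device messages are given as already-parsed hashes (a real server parses the plist body with something like the CFPropertyList gem), the plist writer is a minimal one written for this example, and the UDIDs, tokens and PushMagic values are constructed. The one security point it adds is that the UDID in the request body is accepted only when it matches the identity the transport already proved (mTLS client certificate or the signed Mdm-Signature header), so one device cannot drain or answer another device's command queue.

```ruby
require 'json'
require 'securerandom'

# APNs payload that wakes an MDM-enrolled device: an empty aps dictionary plus
# the PushMagic the device reported at check-in (TokenUpdate). For an MDM push
# the apns-topic is the push certificate's UID, com.apple.mgmt.External.<uuid>,
# not an app bundle ID.
def mdm_push_payload(push_magic)
  raise ArgumentError, 'PushMagic missing' if push_magic.to_s.empty?
  JSON.generate('aps' => {}, 'mdm' => push_magic)
end

# Minimal XML plist writer (example helper; Ruby's stdlib has no plist writer).
def plist_node(value, pad)
  case value
  when Hash
    body = value.map { |k, v| "#{pad}  <key>#{k.to_s.encode(xml: :text)}</key>\n#{plist_node(v, pad + '  ')}" }
    "#{pad}<dict>\n#{body.join("\n")}\n#{pad}</dict>"
  when Array
    "#{pad}<array>\n#{value.map { |v| plist_node(v, pad + '  ') }.join("\n")}\n#{pad}</array>"
  when Integer then "#{pad}<integer>#{value}</integer>"
  when true    then "#{pad}<true/>"
  when false   then "#{pad}<false/>"
  else "#{pad}<string>#{value.to_s.encode(xml: :text)}</string>"
  end
end

def plist_document(hash)
  "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" \
  "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n" \
  "<plist version=\"1.0\">\n#{plist_node(hash, '')}\n</plist>\n"
end

class MdmCommandQueue
  Device = Struct.new(:token, :push_magic, :queue, :in_flight)
  attr_reader :results   # CommandUUID => the device's Acknowledged/Error message

  def initialize
    @devices = {}
    @results = {}
  end

  # Recorded from the TokenUpdate check-in message. Without PushMagic the push
  # token is useless: APNs delivers the push but the device does nothing.
  def token_update(udid:, token:, push_magic:)
    d = (@devices[udid] ||= Device.new(nil, nil, [], nil))
    d.token, d.push_magic = token, push_magic
  end

  def push_payload_for(udid)
    mdm_push_payload(@devices.fetch(udid).push_magic)
  end

  def enqueue(udid, request_type, extra = {})
    cmd = { 'CommandUUID' => SecureRandom.uuid,
            'Command' => { 'RequestType' => request_type }.merge(extra) }
    @devices.fetch(udid).queue << cmd
    cmd['CommandUUID']
  end

  # One POST to the ServerURL. `msg` is the device's plist parsed to a Hash;
  # `authenticated_udid` is the identity proven by the enrollment certificate.
  # Returns [http_status, body_or_nil]; a 200 with no body means "no commands".
  def handle(msg, authenticated_udid:)
    udid = msg['UDID']
    device = udid && udid == authenticated_udid ? @devices[udid] : nil
    return [401, nil] unless device
    case msg['Status']
    when 'Idle'
      # Device is asking for work; fall through to dequeue.
    when 'Acknowledged', 'Error', 'CommandFormatError'
      # Only accept a result for the command actually outstanding (no replays).
      return [400, nil] unless device.in_flight && device.in_flight['CommandUUID'] == msg['CommandUUID']
      @results[msg['CommandUUID']] = msg
      device.in_flight = nil
    when 'NotNow'
      # Device cannot run it yet (e.g. locked). Policy chosen here: put the
      # command back at the head of the queue and send nothing; the device
      # reports Idle again when it is able to run commands.
      device.queue.unshift(device.in_flight) if device.in_flight
      device.in_flight = nil
      return [200, nil]
    else
      return [400, nil]
    end
    return [200, nil] if device.in_flight   # still waiting on an answer
    cmd = device.queue.shift
    return [200, nil] unless cmd            # nothing queued
    device.in_flight = cmd
    [200, plist_document(cmd)]
  end
end

if $PROGRAM_NAME == __FILE__
  q = MdmCommandQueue.new
  q.token_update(udid: 'UDID-DEMO', token: 'deadbeef', push_magic: 'PUSHMAGIC-DEMO')  # constructed values
  q.enqueue('UDID-DEMO', 'DeviceInformation', 'Queries' => %w[UDID OSVersion])
  puts q.push_payload_for('UDID-DEMO')
  puts q.handle({ 'Status' => 'Idle', 'UDID' => 'UDID-DEMO' }, authenticated_udid: 'UDID-DEMO')[1]
end
```

Running it prints the APNs payload ({"aps":{},"mdm":"PUSHMAGIC-DEMO"}) followed by the DeviceInformation command plist the device would receive in reply to its Idle message.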

iOS Push Notification not being sent from linux server

I currently have an application that sends push notifications to APNS. If I run this application locally on my computer (where I do my development) it sends the push notification without any error; however, once I put the application on my Linux server, the exact same code with the same device tokens fails to send and receives a "BadDeviceToken" error from APNS.
What would cause me to get this error on my server but not on my local computer? The .p12 certificate I have on my server is taken from my development APNS cert in my keychain on my local computer.
Any suggestions would be very helpful!
So I didn't realise that using TestFlight actually requires the production APNs certificates.
Changed to using them and it all worked. Apple should really have a different error message for that case so people don't spend all that time debugging the device token...

send notification like push notification without APNS server in ios

I want to send push notifications without any APNS server or device token, like on Android, where there are NO local and push notifications but they can send device to device without Google's permission.
You can NOT send a push notification without using APNs. Why? First you need to understand how the technology works:
You need a certificate for a handshake.
You need a device token to be identified by APNs.
In your app, you have to register to APNs.
The app requests the certificate from APNs (handshake).
The server sends back its certificate.
The app will establish a connection to the server and send the PN certificate to the APN server.
The server will validate that you are a trusted app.
The app requests to create a token.
The server creates a token and sends it back.
In your app you save the token (to do e.g. push notifications to a specific user instead of a broadcast).
End.
So, as you can see, you need to establish a trusted connection; APNs is responsible for creating a token to identify your device within the network, and will be responsible for sending notifications.
For more info you could see:
Apple PNs

iOS Enterprise developer Account: get device token

I have used the iOS development account for creating the APNS SSL certificate for sending push notifications to an iOS device for development purposes. I can get the device token using the Objective-C sample code on the iOS device. Then I can use that device token to send a push notification to that specific iOS device.
Now I am going to implement MDM, and for MDM an iOS Enterprise account is required. There are some questions which I want to confirm, if someone has already done this.
So I want to know: can I use an iOS Enterprise account for creating the "APNs SSL certificate" for development purposes?
Can I get the device token for an iOS device using the same Objective-C sample code, so that I can send the push notification via APNS to that specific iOS device for testing purposes?
First of all, MDM push notification implementation is different from push notifications for a third-party iOS application.
1) You have to use an iOS Enterprise account for MDM push notifications, and there are a few steps to get the APNS certificate.
1. Refer to MDM_Protocol and follow this link: http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning Then verify a few things.
Remove the passphrase from customerPrivateKey.pem using this command:
    openssl rsa -in customerPrivateKey.pem -out PlainKey.pem
Then merge your APNS certificate (for example CustomerCompanyName.pem) downloaded from the portal https://identity.apple.com/pushcert/ using this command:
    cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem
Now this PlainCert.pem file can be used on your server as the APNS/MDM certificate.
2) In MDM push notifications there are three keys:
• PushMagic - a unique token the MDM server sends with each push request
• Token - a unique token that identifies the device to the APNS service
• UnlockToken - an escrow key used to clear the passcode on the device.
The MDM push notification payload is also different from the push notification payload. It should look like this:
    {"aps":{},"mdm":PushMagic}
Take a look at http://urbanairship.com/; it's a great service for handling push notifications, and you can easily send test push notifications to any registered device.
Also this tutorial: http://mobile.tutsplus.com/tutorials/iphone/iphone-sdk_apns/ was an awesome resource for me in setting up push notifications with my app.
For your first question - yes, you can. On the iOS dev site, go to Provisioning Portal > App IDs and enable your app for push notifications (dev or production).
1) see this answer
2) Not for the MDM push token - this is sent to the MDM server during the 'check-in' procedure.
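The openssl/cat procedure in the answer above, and the same concatenation the first question on this page tried, produce a PEM bundle without checking anything. As an added example (not from any post here, and not a substitute for the openssl commands), here is the same step in Ruby with the two checks a practitioner wants before deploying the bundle: that the private key actually belongs to the push certificate, and that the certificate subject carries the com.apple.mgmt.External.<uuid> UID, which is the Topic the MDM payload must declare and the apns-topic an HTTP/2 push must carry. The certificate and encrypted key it runs on are constructed in the block (a self-signed stand-in for the one from identity.apple.com) and the passphrase is a placeholder.

```ruby
require 'openssl'

# Equivalent of `openssl rsa -in customerPrivateKey.pem -out PlainKey.pem`
# followed by `cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem`,
# but refusing to write a bundle whose key and certificate do not belong
# together. Raises OpenSSL::PKey::PKeyError on a wrong passphrase.
def plain_bundle(cert_pem, encrypted_key_pem, passphrase)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey::RSA.new(encrypted_key_pem, passphrase)
  raise 'private key does not match the push certificate' unless cert.check_private_key(key)
  raise 'push certificate has expired' if cert.not_after < Time.now
  topic = mdm_topic(cert)
  raise 'certificate subject has no MDM topic (UID)' unless topic && topic.start_with?('com.apple.mgmt.')
  cert.to_pem + key.to_pem   # to_pem with no cipher writes the key unencrypted
end

# The push certificate's subject contains UID=com.apple.mgmt.External.<uuid>;
# a mismatch between this and the Topic in the MDM payload means the device
# never reacts to the push even though APNs accepts it.
def mdm_topic(cert)
  entry = cert.subject.to_a.find { |name, _value, _type| name == 'UID' }
  entry && entry[1]
end

# Constructed test material: a self-signed certificate shaped like the one
# from identity.apple.com, plus its key encrypted with `passphrase`.
def constructed_material(passphrase)
  key  = OpenSSL::PKey::RSA.generate(2048)
  name = OpenSSL::X509::Name.new([
    ['UID', 'com.apple.mgmt.External.00000000-0000-0000-0000-000000000000'],
    ['CN', 'APSP:00000000-0000-0000-0000-000000000000'],
    ['C', 'US'],
  ])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), passphrase)]
end

if $PROGRAM_NAME == __FILE__
  cert_pem, enc_key_pem = constructed_material('example-passphrase')
  bundle = plain_bundle(cert_pem, enc_key_pem, 'example-passphrase')
  puts "topic: #{mdm_topic(OpenSSL::X509::Certificate.new(cert_pem))}"
  puts "bundle: #{bundle.lines.count} lines, encrypted=#{bundle.include?('ENCRYPTED')}"
end
```

With real files, read CustomerCompanyName.pem and customerPrivateKey.pem from disk and write the returned string to PlainCert.pem; the topic printed is the value to put in the Topic key of the MDM payload.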
