Changelog

4.1.6375 (28/02/2024)

4.1.6375 (2024-02-28)

updated release notes, fixed script typo View
updated release notes View
added remounting and refresh kerb ticket after network change View
fixed "Sign in" window issue (OIDC and AD Configured) #170 and Admin user set to Standard user on Local Login #173 View
Sign in prompted (While not connected to a network) #168 View
updated profile manifest View
[Feature Request] Local User Behavior #174 View
fixed crash on menu and edge case with both web and username password views showing View
bumped version View

4.1.6346 (2024-02-13)

added fix for override still prompting when overridesilent set View
fixed silentoverride issue View
fixed multiple share mounting View
fixed Update manifest pfm_last_modified and pfm_version #164 View
implemented [Feature Request] AD - Option to hide Sign-In menu item #150 View
implemented [Feature Request] Standard wallpaper options for default background #155 View

4.1.6313 (2024-02-06)

fixed issue with menu item not updating tokens View
fixed automount View
remove admin if we made them admin View
added check for not removing last admin user View
fixed prompting when both AD and cloud are configured View
added kerberosprincipalname pref and getting kerb ticket with oidc login View
added menuItemWindowBackgroundImageURL View
better selection of menu item prompting if both AD and OIDC is setup View
fixed issue with ACL on tokens in keychain View
added custom menu item pref View
ability to customize Share menu item; added username for AD and OIDC in menu View
added pref for shares View
added better descriptions to share manifest View
updated whats new View
updated manifest View

release-4.0 (2024-01-29)

4.0.6274 (2024-01-29)

fixed issue with local password update View
updated ropg prefs and checking View
Minor fixes for ropg View
fixed passwordElementID preference can cause issue with setting local password #161 View
PasswordOverwriteSilent does not prevent user prompt for password #160 View
shouldUseROPGForMenuLogin hides offline login option at XCreds login window #158 View
Improvement for refreshRateMinutes description #157 View
Typos in manifest descriptions #156 View
added release notes View

4.0.6261 (2024-01-15)

built release notes View
applied patch from Jim Zajkowski to fix integration issues View
fixed up kerb ticket status in menu View
refactored menu code View
fixed issue with updating keychain View
more attempt at sharemounter integration View
implemented shares View
added additional sample profiles View
fixed home mounting View
fixed enabing window state with AD View
pointed package to main branch for oidclite View
Allow forcing of webview login window View
Support separate client ID and secret for ropg View
wip View
fixed issue with ropg clientid/secret selection View
Keychain is reset on cloud password change when user enters old local password #148 View
Admin status does not change after removed from group #145 View
Fix manifest key name for loadPageInfo #143 View
bumped version View

4.0.6203 (2024-01-01)

added release notes and script to generate release notes View
Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig View
Update description in manifest for loginWindowWidth and loginWindowHeight #138 View
[feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted View
XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig View
Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test View
Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 View
added removeadmin function but not used since it can cause local admins to unadmin View
loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 View
bumped build number View

4.0.6177 (2023-12-28)

added date to license agreement to resolve Date not shown on user agreement #134 View
fixed Password reset dialog rendering and text need fixes #133 View
Cloud login screen button section pushed to left side #132 View
Active Directory login - blank login after expired user attempts sign-in #114 View
Prompt for Secure Token Admin Login When Required for AD #127 View
[bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 View
Add ability to select active directory login to select mapped user account #136 View
fixed issue with initial focus View
#54 View
Request: display user password expiration (days left or specific date) in app. #54 View
Refresh does not change next password check time #88 View
changed cartfile to point to github View
removed framework View
removed framework View
added key for ROPG at login window View
partial refactor wip View
partial refactor wip View
partial refactor wip View
ropg at login window initial implementation View
cleaned up ropg login code View
hide refresh when on username/password window; move focus to blank password when not entered for username/password window View
fixed menu app password verification View
added ShareMounter and missing KerbUtil filet View
added username / password view to prompt in userspace View
fixed cancel for AD userspace cancel View
fixed override script in usersapce View
fixed typo View

4.0.6023 (2023-12-12)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View
fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow View
refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) View
updated license agreement (issue #90) View
Detect when no password was entered #17 View
updated animation when logging in View
adding arbitrary claims to local DS user account View
fixed Active Directory issue after password change #112 View
partial fix for #114 View
refactored windows to views View
fixed centering and cloud login sizing View
fixing timing for animation when logging in; tweaked UI View
streamlined startup process View
refactored dialogs for prompting for user info; fixed ad groups for making admin user View
added missing template for package View
fixed showing offline button View
implemented feature request: localad/kebereros support for saving groups to prefs #125 View
fixed enabling views when logging in View
fixed javascript to key on input instead of keydown/keyup View
implemented Prompt for Secure Token Admin Login When Required #123 View
fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 View
wip View
fixed issue with updating password in userspace View
bumped build number View

v3.2.1.6002 (2023-12-11)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View
updated js View
bumped version and build View
adde missing credits file View

v3.3.5269 (2023-11-27)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View

v3.2.5197 (2023-10-17)

updated readme View
Update README.md View
Update README.md View
updated url in profile manifest View
fixed issue 95: whitespace characters in password and username View
shouldPreferLocalLoginInsteadOfCloudLogin View
another attempt at fixing #95 View
wip View
fixed keyboard nav for controls View
issue #100: Detect Offline View
Add ability to check passwords via ROPG View
Rename prefkey to be more boolean View
update to profile manifest View
fixed typo in function name View
added a smidge more logging View
added self healing for auth rights View
updated manifest View

release_3_1 (2023-07-14)

updated readme View
Update README.md View
Update README.md View
updated history.md View
fixed check timer to still work if mac sleeps View
fixed issue with token update time View
fixed fade; cleaned up user mappings for weird characters View
final touches View
bumped to 3.2; added some additional logging View
bumped build number to 5000 View
updated permission for override_script View
changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 View
added command click login window for mac login window View
text fixes View
updated build script View
added back sample profie View
fixed timer minutes View

v3.1.4144 (2023-06-08)

updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined View

v3.1.4143 (2023-06-07)

updated fullname View
added shake to password field View
added shake to password field View
get kerb ticket on login View

v3.1.4081 (2023-05-27)

updated readme View
Update README.md View
Update README.md View
added Package.resolved View
added XCredsLoginPlugIn/errorpage.html View
cleaned up build system a bit View
improved javascript parsing View
fixed issue with initial javascript listener View
cleaned up logging a bit View
removed reset option View
removed KeychainReset and PasswordOverwriteSilent because it makes things worse View
added lock screen switch to login window View
fixed window levels, progress screen, background and boot runner issues View
improved logging View
checkpoint View
added override script and secure token admin reset View
removed shouldFindPasswordElement since that is defaulit fallback behavior View
cleaned up ui a bit View
dont refresh prefs so much View
added check for group membership in oidc claim View
added history file View

release-3.0 (2023-05-08)

updated readme View
Update README.md View
Update README.md View

release_3_0 (2023-04-18)

added trial license beginnings View
fixed regression for password change not capturing new password on azure View
bumped version to 3600 View
fixed issue with crash if time is far off View
fixed typo View
updated license View
fixed focus issue View

release_v2_4 (2023-03-28)

updated readme View
Update README.md View
Update README.md View
added more logging for id token and bumped version to 2.3 View
added remove keychain option View
updated language on keychain option and added pref in manifest View
added key for customizing return to xcreds; added preference and ability to automatically refresh login window View
added in login window height/width View
added in login window height/width min value of 100 View
added in login window height/width min value of 100 View
fixed login window size and background image View
fixed focus issue View
updated sample configu View
tweaked text for user space refresh token window and added pref to show or hide View
fixed names and links in manifest View
fixed crashing issue due to null refreshview outlet View
added frontmost when prompting for keychain password View
fixed issue with autorefresh View
fixed changing wifi not dismissing dialog View
fixed changing wifi not dismissing dialog View
added 802.1x support; added support for pref key for finding password based on type=password View
wip View

release_v2_1 (2023-01-11)

realease_v2_2 (2023-01-11)

updated readme View
support getting password with get and adfs View
Revert "support getting password with get and adfs" View
changed pref names for custom IDP / ADFS View
fixed package template issue and updated manifest View
Update README.md View
enabled rekeying FileVault implementation View
Support a Azure AD host View
If fullname is empty, shorname is used. View
added autologin when fv enabled View
added okta compatibility View
added a bit more logging View
removed "prompt":"consent" View
fixed notification prompt View
added shouldShowCloudLoginByDefault user default View
added idhostnames array so you can specify multiple tenants View
removed registration reminder View
removed spaces View
Update README.md View
added mappings for user info View
bumped version to 2.2 and build View
added new key for OIDC mapping View
made keys lowercase for mappings View
changed case of keys View
renamed mapped prefs with a prefix View
username hint was not being set View
added startup script View
added credit to script View
implemented KeychainReset View
implemented PasswordOverwriteSilent View
removed show prefs menu View
fixed timer issue View
fixed shouldShowCloudLoginByDefault not working View
fixed edge case when not showing xcreds login when logging out View
removed test time View
added sub as local user account if other methods not available; added some additional logging View
remove progress screen overlay because it was hiding filevault View

release_v2_0 (2022-08-30)

bumped version to 1.1 View
added sample profile for google View
Cloud password verification dialog not centered... #15 View
add "have token" indicator #10 View
Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 View
start of login window View
pass username and password for login window View
added fade to login window complete View
restart and shutdown buttons View
implemented swiching back to mac login window View
wip View
fixed xcreds breakage due to refactoring for xcreds login window View
added keychain updating with tokens View
xcreds login window View
added return to cloud login and wait message View
bumped version View
updated manifest View
added username to manifest View
fixed install scripts View
updated readme View
updaed sample profiles View
added arbitrary check for password in form View
bumped build number View
fixed idtoken required values causing failure View
added build number when starting up View
added build number when starting up in mechnism View
added build number when starting up in mechnism View
create user mech View
tweaked create user View
added FDE enable View
updated prefs View
added fde option View
added network changing detection to reload page View
fixed status icon issue; fixed lack of prompting on first launch View
added default to create keychain View
added better loading at start View
updated loading message View
smother transitions and background image View
fixed background image url View
fixed overlay not showing View
fixed regression with back to my xcreds View
add tweak to back to my xcreds View
more tweaks to back to my xcreds View
fixed minor issues with prefs View
reverted default View
project update View

prebeta (2022-06-15)

Update README.md View
Update README.md View
added support for Google IdP View

4.1.6346 (2024-02-13) (13/02/2024)

4.1.6346 (2024-02-13)

added fix for override still prompting when overridesilent set View
fixed silentoverride issue View
fixed multiple share mounting View
fixed Update manifest pfm_last_modified and pfm_version #164 View
implemented [Feature Request] AD - Option to hide Sign-In menu item #150 View
implemented [Feature Request] Standard wallpaper options for default background #155 View

4.1.6313 (2024-02-06)

fixed issue with menu item not updating tokens View
fixed automount View
remove admin if we made them admin View
added check for not removing last admin user View
fixed prompting when both AD and cloud are configured View
added kerberosprincipalname pref and getting kerb ticket with oidc login View
added menuItemWindowBackgroundImageURL View
better selection of menu item prompting if both AD and OIDC is setup View
fixed issue with ACL on tokens in keychain View
added custom menu item pref View
ability to customize Share menu item; added username for AD and OIDC in menu View
added pref for shares View
added better descriptions to share manifest View
updated whats new View
updated manifest View

XCreds 4.1 (06/02/2024)

4.1.6313 (2024-02-06)

See https://twocanoes.com/knowledge-base/whats-new-in-xcreds-4-1/ for full details

fixed issue with menu item not updating tokens View
fixed automount View
remove admin if we made them admin View
added check for not removing last admin user View
fixed prompting when both AD and cloud are configured View
added kerberosprincipalname pref and getting kerb ticket with oidc login View
added menuItemWindowBackgroundImageURL View
better selection of menu item prompting if both AD and OIDC is setup View
fixed issue with ACL on tokens in keychain View
added custom menu item pref View
ability to customize Share menu item; added username for AD and OIDC in menu View
added pref for shares View
added better descriptions to share manifest View
updated whats new View
updated manifest View

XCreds 4.0 (29/01/2024)

4.0.6274 (2024-01-26)

fixed issue with local password update View
updated ropg prefs and checking View
Minor fixes for ropg View
fixed passwordElementID preference can cause issue with setting local password #161 View
PasswordOverwriteSilent does not prevent user prompt for password #160 View
shouldUseROPGForMenuLogin hides offline login option at XCreds login window #158 View
Improvement for refreshRateMinutes description #157 View
Typos in manifest descriptions #156 View

4.0.6261 (2024-01-15)

built release notes View
applied patch from Jim Zajkowski to fix integration issues View
fixed up kerb ticket status in menu View
refactored menu code View
fixed issue with updating keychain View
more attempt at sharemounter integration View
implemented shares View
added additional sample profiles View
fixed home mounting View
fixed enabing window state with AD View
pointed package to main branch for oidclite View
Allow forcing of webview login window View
Support separate client ID and secret for ropg View
wip View
fixed issue with ropg clientid/secret selection View
Keychain is reset on cloud password change when user enters old local password #148 View
Admin status does not change after removed from group #145 View
Fix manifest key name for loadPageInfo #143 View
bumped version View

4.0.6203 (2024-01-01)

added release notes and script to generate release notes View
Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig View
Update description in manifest for loginWindowWidth and loginWindowHeight #138 View
[feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted View
XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig View
Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test View
Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 View
added removeadmin function but not used since it can cause local admins to unadmin View
loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 View
bumped build number View

4.0.6177 (2023-12-28)

added date to license agreement to resolve Date not shown on user agreement #134 View
fixed Password reset dialog rendering and text need fixes #133 View
Cloud login screen button section pushed to left side #132 View
Active Directory login - blank login after expired user attempts sign-in #114 View
Prompt for Secure Token Admin Login When Required for AD #127 View
[bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 View
Add ability to select active directory login to select mapped user account #136 View
fixed issue with initial focus View
#54 View
Request: display user password expiration (days left or specific date) in app. #54 View
Refresh does not change next password check time #88 View
changed cartfile to point to github View
removed framework View
removed framework View
added key for ROPG at login window View
partial refactor wip View
partial refactor wip View
partial refactor wip View
ropg at login window initial implementation View
cleaned up ropg login code View
hide refresh when on username/password window; move focus to blank password when not entered for username/password window View
fixed menu app password verification View
added ShareMounter and missing KerbUtil filet View
added username / password view to prompt in userspace View
fixed cancel for AD userspace cancel View
fixed override script in usersapce View
fixed typo View

4.0.6023 (2023-12-12)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View
fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow View
refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) View
updated license agreement (issue #90) View
Detect when no password was entered #17 View
updated animation when logging in View
adding arbitrary claims to local DS user account View
fixed Active Directory issue after password change #112 View
partial fix for #114 View
refactored windows to views View
fixed centering and cloud login sizing View
fixing timing for animation when logging in; tweaked UI View
streamlined startup process View
refactored dialogs for prompting for user info; fixed ad groups for making admin user View
added missing template for package View
fixed showing offline button View
implemented feature request: localad/kebereros support for saving groups to prefs #125 View
fixed enabling views when logging in View
fixed javascript to key on input instead of keydown/keyup View
implemented Prompt for Secure Token Admin Login When Required #123 View
fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 View
wip View
fixed issue with updating password in userspace View
bumped build number View

v3.2.1.6002 (2023-12-11)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View
updated js View
bumped version and build View
adde missing credits file View

v3.3.5269 (2023-11-27)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View

v3.2.5197 (2023-10-17)

updated readme View
Update README.md View
Update README.md View
updated url in profile manifest View
fixed issue 95: whitespace characters in password and username View
shouldPreferLocalLoginInsteadOfCloudLogin View
another attempt at fixing #95 View
wip View
fixed keyboard nav for controls View
issue #100: Detect Offline View
Add ability to check passwords via ROPG View
Rename prefkey to be more boolean View
update to profile manifest View
fixed typo in function name View
added a smidge more logging View
added self healing for auth rights View
updated manifest View

release_3_1 (2023-07-14)

updated readme View
Update README.md View
Update README.md View
updated history.md View
fixed check timer to still work if mac sleeps View
fixed issue with token update time View
fixed fade; cleaned up user mappings for weird characters View
final touches View
bumped to 3.2; added some additional logging View
bumped build number to 5000 View
updated permission for override_script View
changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 View
added command click login window for mac login window View
text fixes View
updated build script View
added back sample profie View
fixed timer minutes View

v3.1.4144 (2023-06-08)

updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined View

v3.1.4143 (2023-06-07)

updated fullname View
added shake to password field View
added shake to password field View
get kerb ticket on login View

v3.1.4081 (2023-05-27)

updated readme View
Update README.md View
Update README.md View
added Package.resolved View
added XCredsLoginPlugIn/errorpage.html View
cleaned up build system a bit View
improved javascript parsing View
fixed issue with initial javascript listener View
cleaned up logging a bit View
removed reset option View
removed KeychainReset and PasswordOverwriteSilent because it makes things worse View
added lock screen switch to login window View
fixed window levels, progress screen, background and boot runner issues View
improved logging View
checkpoint View
added override script and secure token admin reset View
removed shouldFindPasswordElement since that is defaulit fallback behavior View
cleaned up ui a bit View
dont refresh prefs so much View
added check for group membership in oidc claim View
added history file View

release-3.0 (2023-05-08)

updated readme View
Update README.md View
Update README.md View

release_3_0 (2023-04-18)

added trial license beginnings View
fixed regression for password change not capturing new password on azure View
bumped version to 3600 View
fixed issue with crash if time is far off View
fixed typo View
updated license View
fixed focus issue View

release_v2_4 (2023-03-28)

updated readme View
Update README.md View
Update README.md View
added more logging for id token and bumped version to 2.3 View
added remove keychain option View
updated language on keychain option and added pref in manifest View
added key for customizing return to xcreds; added preference and ability to automatically refresh login window View
added in login window height/width View
added in login window height/width min value of 100 View
added in login window height/width min value of 100 View
fixed login window size and background image View
fixed focus issue View
updated sample configu View
tweaked text for user space refresh token window and added pref to show or hide View
fixed names and links in manifest View
fixed crashing issue due to null refreshview outlet View
added frontmost when prompting for keychain password View
fixed issue with autorefresh View
fixed changing wifi not dismissing dialog View
fixed changing wifi not dismissing dialog View
added 802.1x support; added support for pref key for finding password based on type=password View
wip View

release_v2_1 (2023-01-11)

realease_v2_2 (2023-01-11)

updated readme View
support getting password with get and adfs View
Revert "support getting password with get and adfs" View
changed pref names for custom IDP / ADFS View
fixed package template issue and updated manifest View
Update README.md View
enabled rekeying FileVault implementation View
Support a Azure AD host View
If fullname is empty, shorname is used. View
added autologin when fv enabled View
added okta compatibility View
added a bit more logging View
removed "prompt":"consent" View
fixed notification prompt View
added shouldShowCloudLoginByDefault user default View
added idhostnames array so you can specify multiple tenants View
removed registration reminder View
removed spaces View
Update README.md View
added mappings for user info View
bumped version to 2.2 and build View
added new key for OIDC mapping View
made keys lowercase for mappings View
changed case of keys View
renamed mapped prefs with a prefix View
username hint was not being set View
added startup script View
added credit to script View
implemented KeychainReset View
implemented PasswordOverwriteSilent View
removed show prefs menu View
fixed timer issue View
fixed shouldShowCloudLoginByDefault not working View
fixed edge case when not showing xcreds login when logging out View
removed test time View
added sub as local user account if other methods not available; added some additional logging View
remove progress screen overlay because it was hiding filevault View

release_v2_0 (2022-08-30)

bumped version to 1.1 View
added sample profile for google View
Cloud password verification dialog not centered... #15 View
add "have token" indicator #10 View
Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 View
start of login window View
pass username and password for login window View
added fade to login window complete View
restart and shutdown buttons View
implemented swiching back to mac login window View
wip View
fixed xcreds breakage due to refactoring for xcreds login window View
added keychain updating with tokens View
xcreds login window View
added return to cloud login and wait message View
bumped version View
updated manifest View
added username to manifest View
fixed install scripts View
updated readme View
updaed sample profiles View
added arbitrary check for password in form View
bumped build number View
fixed idtoken required values causing failure View
added build number when starting up View
added build number when starting up in mechnism View
added build number when starting up in mechnism View
create user mech View
tweaked create user View
added FDE enable View
updated prefs View
added fde option View
added network changing detection to reload page View
fixed status icon issue; fixed lack of prompting on first launch View
added default to create keychain View
added better loading at start View
updated loading message View
smother transitions and background image View
fixed background image url View
fixed overlay not showing View
fixed regression with back to my xcreds View
add tweak to back to my xcreds View
more tweaks to back to my xcreds View
fixed minor issues with prefs View
reverted default View
project update View

prebeta (2022-06-15)

Update README.md View
Update README.md View
added support for Google IdP View

XCreds 4 Beta 5 (15/01/2024)

4.0.6261 (2024-01-15)

built release notes View
applied patch from Jim Zajkowski to fix integration issues View
fixed up kerb ticket status in menu View
refactored menu code View
fixed issue with updating keychain View
more attempt at sharemounter integration View
implemented shares View
added additional sample profiles View
fixed home mounting View
fixed enabing window state with AD View
pointed package to main branch for oidclite View
Allow forcing of webview login window View
Support separate client ID and secret for ropg View
wip View
fixed issue with ropg clientid/secret selection View
Keychain is reset on cloud password change when user enters old local password #148 View
Admin status does not change after removed from group #145 View
Fix manifest key name for loadPageInfo #143 View
bumped version View

4.0.6203 (2024-01-01)

added release notes and script to generate release notes View
Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig View
Update description in manifest for loginWindowWidth and loginWindowHeight #138 View
[feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted View
XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig View
Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test View
Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 View
added removeadmin function but not used since it can cause local admins to unadmin View
loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 View
bumped build number View

4.0.6177 (2023-12-28)

added date to license agreement to resolve Date not shown on user agreement #134 View
fixed Password reset dialog rendering and text need fixes #133 View
Cloud login screen button section pushed to left side #132 View
Active Directory login - blank login after expired user attempts sign-in #114 View
Prompt for Secure Token Admin Login When Required for AD #127 View
[bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 View
Add ability to select active directory login to select mapped user account #136 View
fixed issue with initial focus View
#54 View
Request: display user password expiration (days left or specific date) in app. #54 View
Refresh does not change next password check time #88 View
changed cartfile to point to github View
removed framework View
removed framework View
added key for ROPG at login window View
partial refactor wip View
partial refactor wip View
partial refactor wip View
ropg at login window initial implementation View
cleaned up ropg login code View
hide refresh when on username/password window; move focus to blank password when not entered for username/password window View
fixed menu app password verification View
added ShareMounter and missing KerbUtil filet View
added username / password view to prompt in userspace View
fixed cancel for AD userspace cancel View
fixed override script in usersapce View
fixed typo View

4.0.6023 (2023-12-12)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View
fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow View
refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) View
updated license agreement (issue #90) View
Detect when no password was entered #17 View
updated animation when logging in View
adding arbitrary claims to local DS user account View
fixed Active Directory issue after password change #112 View
partial fix for #114 View
refactored windows to views View
fixed centering and cloud login sizing View
fixing timing for animation when logging in; tweaked UI View
streamlined startup process View
refactored dialogs for prompting for user info; fixed ad groups for making admin user View
added missing template for package View
fixed showing offline button View
implemented feature request: localad/kebereros support for saving groups to prefs #125 View
fixed enabling views when logging in View
fixed javascript to key on input instead of keydown/keyup View
implemented Prompt for Secure Token Admin Login When Required #123 View
fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 View
wip View
fixed issue with updating password in userspace View
bumped build number View

v3.2.1.6002 (2023-12-11)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View
updated js View
bumped version and build View
adde missing credits file View

v3.3.5269 (2023-11-27)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View

v3.2.5197 (2023-10-17)

updated readme View
Update README.md View
Update README.md View
updated url in profile manifest View
fixed issue 95: whitespace characters in password and username View
shouldPreferLocalLoginInsteadOfCloudLogin View
another attempt at fixing #95 View
wip View
fixed keyboard nav for controls View
issue #100: Detect Offline View
Add ability to check passwords via ROPG View
Rename prefkey to be more boolean View
update to profile manifest View
fixed typo in function name View
added a smidge more logging View
added self healing for auth rights View
updated manifest View

release_3_1 (2023-07-14)

updated readme View
Update README.md View
Update README.md View
updated history.md View
fixed check timer to still work if mac sleeps View
fixed issue with token update time View
fixed fade; cleaned up user mappings for weird characters View
final touches View
bumped to 3.2; added some additional logging View
bumped build number to 5000 View
updated permission for override_script View
changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 View
added command click login window for mac login window View
text fixes View
updated build script View
added back sample profie View
fixed timer minutes View

v3.1.4144 (2023-06-08)

updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined View

v3.1.4143 (2023-06-07)

updated fullname View
added shake to password field View
added shake to password field View
get kerb ticket on login View

v3.1.4081 (2023-05-27)

updated readme View
Update README.md View
Update README.md View
added Package.resolved View
added XCredsLoginPlugIn/errorpage.html View
cleaned up build system a bit View
improved javascript parsing View
fixed issue with initial javascript listener View
cleaned up logging a bit View
removed reset option View
removed KeychainReset and PasswordOverwriteSilent because it makes things worse View
added lock screen switch to login window View
fixed window levels, progress screen, background and boot runner issues View
improved logging View
checkpoint View
added override script and secure token admin reset View
removed shouldFindPasswordElement since that is defaulit fallback behavior View
cleaned up ui a bit View
dont refresh prefs so much View
added check for group membership in oidc claim View
added history file View

release-3.0 (2023-05-08)

updated readme View
Update README.md View
Update README.md View

release_3_0 (2023-04-18)

added trial license beginnings View
fixed regression for password change not capturing new password on azure View
bumped version to 3600 View
fixed issue with crash if time is far off View
fixed typo View
updated license View
fixed focus issue View

release_v2_4 (2023-03-28)

updated readme View
Update README.md View
Update README.md View
added more logging for id token and bumped version to 2.3 View
added remove keychain option View
updated language on keychain option and added pref in manifest View
added key for customizing return to xcreds; added preference and ability to automatically refresh login window View
added in login window height/width View
added in login window height/width min value of 100 View
added in login window height/width min value of 100 View
fixed login window size and background image View
fixed focus issue View
updated sample configu View
tweaked text for user space refresh token window and added pref to show or hide View
fixed names and links in manifest View
fixed crashing issue due to null refreshview outlet View
added frontmost when prompting for keychain password View
fixed issue with autorefresh View
fixed changing wifi not dismissing dialog View
fixed changing wifi not dismissing dialog View
added 802.1x support; added support for pref key for finding password based on type=password View
wip View

release_v2_1 (2023-01-11)

realease_v2_2 (2023-01-11)

updated readme View
support getting password with get and adfs View
Revert "support getting password with get and adfs" View
changed pref names for custom IDP / ADFS View
fixed package template issue and updated manifest View
Update README.md View
enabled rekeying FileVault implementation View
Support a Azure AD host View
If fullname is empty, shorname is used. View
added autologin when fv enabled View
added okta compatibility View
added a bit more logging View
removed "prompt":"consent" View
fixed notification prompt View
added shouldShowCloudLoginByDefault user default View
added idhostnames array so you can specify multiple tenants View
removed registration reminder View
removed spaces View
Update README.md View
added mappings for user info View
bumped version to 2.2 and build View
added new key for OIDC mapping View
made keys lowercase for mappings View
changed case of keys View
renamed mapped prefs with a prefix View
username hint was not being set View
added startup script View
added credit to script View
implemented KeychainReset View
implemented PasswordOverwriteSilent View
removed show prefs menu View
fixed timer issue View
fixed shouldShowCloudLoginByDefault not working View
fixed edge case when not showing xcreds login when logging out View
removed test time View
added sub as local user account if other methods not available; added some additional logging View
remove progress screen overlay because it was hiding filevault View

release_v2_0 (2022-08-30)

bumped version to 1.1 View
added sample profile for google View
Cloud password verification dialog not centered... #15 View
add "have token" indicator #10 View
Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 View
start of login window View
pass username and password for login window View
added fade to login window complete View
restart and shutdown buttons View
implemented swiching back to mac login window View
wip View
fixed xcreds breakage due to refactoring for xcreds login window View
added keychain updating with tokens View
xcreds login window View
added return to cloud login and wait message View
bumped version View
updated manifest View
added username to manifest View
fixed install scripts View
updated readme View
updaed sample profiles View
added arbitrary check for password in form View
bumped build number View
fixed idtoken required values causing failure View
added build number when starting up View
added build number when starting up in mechnism View
added build number when starting up in mechnism View
create user mech View
tweaked create user View
added FDE enable View
updated prefs View
added fde option View
added network changing detection to reload page View
fixed status icon issue; fixed lack of prompting on first launch View
added default to create keychain View
added better loading at start View
updated loading message View
smother transitions and background image View
fixed background image url View
fixed overlay not showing View
fixed regression with back to my xcreds View
add tweak to back to my xcreds View
more tweaks to back to my xcreds View
fixed minor issues with prefs View
reverted default View
project update View

prebeta (2022-06-15)

Update README.md View
Update README.md View
added support for Google IdP View

XCreds 4 Beta 4 (01/01/2024)

What's New

Bug fixes and and minor tweaks

4.0.6203 (2024-01-01)

added release notes and script to generate release notes View
Feature Request: Allow "loadpage.html" to be customized. #126. To test, add in new keys "loadPageTitle" and "loadPageInfo" or try the xcreds_example_azure_loadPageTitle_loadPageInfo.mobileconfig View
Update description in manifest for loginWindowWidth and loginWindowHeight #138 View
[feature request] LocalAD - make sync password with AD optional with preference key #130. To test, set the shouldPromptForADPasswordChange to false and set the user account to require password change on next login and verify the user is not prompted View
XCreds breaking Munki's logout/install @loginscreen logic #102. Test by defining hideIfPathExists to a path like /tmp/hide and then add/remove and UI should show /hide. Or use sample profile xcreds_example_azure_hide.mobileconfig View
Option to enforce account to log in #21. To test, create allowedUsersArray with name of user allowed to log in and define allowUsersClaim with an OIDC claim that contains that value. Or use the xcreds_example_azure_allow_fred.mobileconfig to test View
Feature Request: Force Wi-Fi on option or Wi-Fi on/off switch in "Configure Wi-Fi" #58 View
added removeadmin function but not used since it can cause local admins to unadmin View
loginWindowBackgroundImageURL image should be cached if not a file:// URL #72 View
bumped build number View

4.0.6177 (2023-12-28)

added date to license agreement to resolve Date not shown on user agreement #134 View
fixed Password reset dialog rendering and text need fixes #133 View
Cloud login screen button section pushed to left side #132 View
Active Directory login - blank login after expired user attempts sign-in #114 View
Prompt for Secure Token Admin Login When Required for AD #127 View
[bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 View
Add ability to select active directory login to select mapped user account #136 View
fixed issue with initial focus View
#54 View
Request: display user password expiration (days left or specific date) in app. #54 View
Refresh does not change next password check time #88 View
changed cartfile to point to github View
removed framework View
removed framework View
added key for ROPG at login window View
partial refactor wip View
partial refactor wip View
partial refactor wip View
ropg at login window initial implementation View
cleaned up ropg login code View
hide refresh when on username/password window; move focus to blank password when not entered for username/password window View
fixed menu app password verification View
added ShareMounter and missing KerbUtil filet View
added username / password view to prompt in userspace View
fixed cancel for AD userspace cancel View
fixed override script in usersapce View
fixed typo View

4.0.6023 (2023-12-12)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View
fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow View
refactored code to add admin to user account based on group membership each login (issue #109); added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117) View
updated license agreement (issue #90) View
Detect when no password was entered #17 View
updated animation when logging in View
adding arbitrary claims to local DS user account View
fixed Active Directory issue after password change #112 View
partial fix for #114 View
refactored windows to views View
fixed centering and cloud login sizing View
fixing timing for animation when logging in; tweaked UI View
streamlined startup process View
refactored dialogs for prompting for user info; fixed ad groups for making admin user View
added missing template for package View
fixed showing offline button View
implemented feature request: localad/kebereros support for saving groups to prefs #125 View
fixed enabling views when logging in View
fixed javascript to key on input instead of keydown/keyup View
implemented Prompt for Secure Token Admin Login When Required #123 View
fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91 View
wip View
fixed issue with updating password in userspace View
bumped build number View

v3.2.1.6002 (2023-12-11)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View
updated js View
bumped version and build View
adde missing credits file View

v3.3.5269 (2023-11-27)

use default desktop from CoreServices View
reload the login window when wifi is connected View
fix conflicts in XCreds app View
Add new NetworkMonitor and reload webview on network changes View
add new networkmonitor View
better handling of loginwindow reload View
bumped version View
bumped version View
Resolves #111 by only refreshing when on cloud login View
removed tperfitt from logging. issu #108 View
added info in DS for sub and iss when user is logging in and account is created View
initial implementation of allow user to select account to map to #98 View
added preference shouldAllowKeyComboForMacLoginWindow and key combo (control-option return) to switch logon window. command-option-control return for mac login window. Feature Request: Show / Hide the switch login button with a pref key. #121 View
Log shows tperfitt user profile path #108 View
Feature Request: Option to alias IdP username to local DS user account #59 View
add missing Credits.txt file View
fixed typo View
updated manifest for new keys View
showed Create New Account button in migration modal View

v3.2.5197 (2023-10-17)

updated readme View
Update README.md View
Update README.md View
updated url in profile manifest View
fixed issue 95: whitespace characters in password and username View
shouldPreferLocalLoginInsteadOfCloudLogin View
another attempt at fixing #95 View
wip View
fixed keyboard nav for controls View
issue #100: Detect Offline View
Add ability to check passwords via ROPG View
Rename prefkey to be more boolean View
update to profile manifest View
fixed typo in function name View
added a smidge more logging View
added self healing for auth rights View
updated manifest View

release_3_1 (2023-07-14)

updated readme View
Update README.md View
Update README.md View
updated history.md View
fixed check timer to still work if mac sleeps View
fixed issue with token update time View
fixed fade; cleaned up user mappings for weird characters View
final touches View
bumped to 3.2; added some additional logging View
bumped build number to 5000 View
updated permission for override_script View
changed version back to 3.1; added better about window with history; changed override script requirments to be owned by _securityagent and be 700 View
added command click login window for mac login window View
text fixes View
updated build script View
added back sample profie View
fixed timer minutes View

v3.1.4144 (2023-06-08)

updated AD support: kerb ticket now obtained at user space app launch from password in keychain. udpated profile manifest with better comments; delete cookes on webview each time it appears; added local login button; shows username password if discoveryURL is not defined View

v3.1.4143 (2023-06-07)

updated fullname View
added shake to password field View
added shake to password field View
get kerb ticket on login View

v3.1.4081 (2023-05-27)

updated readme View
Update README.md View
Update README.md View
added Package.resolved View
added XCredsLoginPlugIn/errorpage.html View
cleaned up build system a bit View
improved javascript parsing View
fixed issue with initial javascript listener View
cleaned up logging a bit View
removed reset option View
removed KeychainReset and PasswordOverwriteSilent because it makes things worse View
added lock screen switch to login window View
fixed window levels, progress screen, background and boot runner issues View
improved logging View
checkpoint View
added override script and secure token admin reset View
removed shouldFindPasswordElement since that is defaulit fallback behavior View
cleaned up ui a bit View
dont refresh prefs so much View
added check for group membership in oidc claim View
added history file View

release-3.0 (2023-05-08)

updated readme View
Update README.md View
Update README.md View

release_3_0 (2023-04-18)

added trial license beginnings View
fixed regression for password change not capturing new password on azure View
bumped version to 3600 View
fixed issue with crash if time is far off View
fixed typo View
updated license View
fixed focus issue View

release_v2_4 (2023-03-28)

updated readme View
Update README.md View
Update README.md View
added more logging for id token and bumped version to 2.3 View
added remove keychain option View
updated language on keychain option and added pref in manifest View
added key for customizing return to xcreds; added preference and ability to automatically refresh login window View
added in login window height/width View
added in login window height/width min value of 100 View
added in login window height/width min value of 100 View
fixed login window size and background image View
fixed focus issue View
updated sample configu View
tweaked text for user space refresh token window and added pref to show or hide View
fixed names and links in manifest View
fixed crashing issue due to null refreshview outlet View
added frontmost when prompting for keychain password View
fixed issue with autorefresh View
fixed changing wifi not dismissing dialog View
fixed changing wifi not dismissing dialog View
added 802.1x support; added support for pref key for finding password based on type=password View
wip View

release_v2_1 (2023-01-11)

realease_v2_2 (2023-01-11)

updated readme View
support getting password with get and adfs View
Revert "support getting password with get and adfs" View
changed pref names for custom IDP / ADFS View
fixed package template issue and updated manifest View
Update README.md View
enabled rekeying FileVault implementation View
Support a Azure AD host View
If fullname is empty, shorname is used. View
added autologin when fv enabled View
added okta compatibility View
added a bit more logging View
removed "prompt":"consent" View
fixed notification prompt View
added shouldShowCloudLoginByDefault user default View
added idhostnames array so you can specify multiple tenants View
removed registration reminder View
removed spaces View
Update README.md View
added mappings for user info View
bumped version to 2.2 and build View
added new key for OIDC mapping View
made keys lowercase for mappings View
changed case of keys View
renamed mapped prefs with a prefix View
username hint was not being set View
added startup script View
added credit to script View
implemented KeychainReset View
implemented PasswordOverwriteSilent View
removed show prefs menu View
fixed timer issue View
fixed shouldShowCloudLoginByDefault not working View
fixed edge case when not showing xcreds login when logging out View
removed test time View
added sub as local user account if other methods not available; added some additional logging View
remove progress screen overlay because it was hiding filevault View

release_v2_0 (2022-08-30)

bumped version to 1.1 View
added sample profile for google View
Cloud password verification dialog not centered... #15 View
add "have token" indicator #10 View
Hide "About XCreds" menu item #18; Ability to add a custom URL and menu item for "Change Password #18 View
start of login window View
pass username and password for login window View
added fade to login window complete View
restart and shutdown buttons View
implemented swiching back to mac login window View
wip View
fixed xcreds breakage due to refactoring for xcreds login window View
added keychain updating with tokens View
xcreds login window View
added return to cloud login and wait message View
bumped version View
updated manifest View
added username to manifest View
fixed install scripts View
updated readme View
updaed sample profiles View
added arbitrary check for password in form View
bumped build number View
fixed idtoken required values causing failure View
added build number when starting up View
added build number when starting up in mechnism View
added build number when starting up in mechnism View
create user mech View
tweaked create user View
added FDE enable View
updated prefs View
added fde option View
added network changing detection to reload page View
fixed status icon issue; fixed lack of prompting on first launch View
added default to create keychain View
added better loading at start View
updated loading message View
smother transitions and background image View
fixed background image url View
fixed overlay not showing View
fixed regression with back to my xcreds View
add tweak to back to my xcreds View
more tweaks to back to my xcreds View
fixed minor issues with prefs View
reverted default View
project update View

prebeta (2022-06-15)

Update README.md View
Update README.md View
added support for Google IdP View

4.0.6177 (31/12/2023)

What's New in Beta 3

Feature complete for release 4.0.

4.0.6177 (2023-12-28)

added date to license agreement to resolve Date not shown on user agreement #134 View
fixed Password reset dialog rendering and text need fixes #133 View. Test by resetting password on both AD and Cloud.
Cloud login screen button section pushed to left side #132 View. Test with visual verfication.
Active Directory login - blank login after expired user attempts sign-in #114 View. Test by expiring password in AD and verifying sane UI.
Prompt for Secure Token Admin Login When Required for AD #127 View. Test: Log in with AD account and change local password. Log out. When prompted to reset password, click button to reset keychain and enter local admin and verify keychain is reset and local password is AD password.
[bug] Build 6023 LocalAD - cancelling Change Password prompt breaks login fields. #129 View. Test: In AD, force a password change on next login. Login and when prompted, click Cancel.
Add ability to select active directory login to select mapped user account #136 View. Test: Create non admin local user then log in for first time with local AD user. Should prompt to enter login credentials for a local account. Enter credentials and verify that macOS logs in with that user account. Log out and verify that it does not prompt on subsequent logins.
fixed issue with initial focus View. Test: Reboot and verify you can type without a first click on the textfield. Do this on a non-vm since vm requires window focus.
#54 [View] (https://github.com/twocanoes/xcreds/commit/270732273500c8d5d1e791b565df25d581f5e0f4)
Request: display user password expiration (days left or specific date) in app. #54 View. Test: look at menu item and verify it shows when password expires in AD. verify in AD as well.
Refresh does not change next password check time #88 View. To test: refresh and verify next password check time is updated.
changed cartfile to point to github View. No test
removed framework View No test
removed framework View No test
added key for ROPG at login window View. To test: Use the xcreds_example_okta_ropg.mobileconfig testfile that has the shouldUseROPGForOIDCLogin key set to true. Verify that you can log in with test Okta user account.
partial refactor wip View. No test
partial refactor wip View No test
partial refactor wip View No test
ropg at login window initial implementation [View] (https://github.com/twocanoes/xcreds/commit/32ad7b391c89e870fe373cdac46e62744fb79221) No test
cleaned up ropg login code View No test
hide refresh when on username/password window; move focus to blank password when not entered for username/password window View Test: verify refresh button only shows on web login screens
fixed menu app password verification View. Test: select Refresh in menu app and verify you can log in with both the AD, ROPG and OIDC.
added ShareMounter and missing KerbUtil filet View No Test.
added username / password view to prompt in userspace View. Change password in cloud and launch userspace app. verify it prompts and you can log in and the icon turns green.
fixed cancel for AD userspace cancel View Test: click cancel when AD prompts to sync local password.
fixed override script in usersapce View. Test: verify having a override script does not cause crash when specified in profile and refresh selected in menu item app.
fixed typo View No Test.

XCreds 4.0 Beta 2 (12/12/2023)

What's New

The major version was bumped to v4. Prior beta (Beta 1) was labeled as 3.3 and should be consider v4 Beta 1. So much goodness could not be contained in a minor version bump and only a major version increase would suffice.

Beta 2

fixed Update documented minimum for loginWindowWidth and loginWindowHeight #91

Minimum Height and Width is now 150. Anything less than that will change it to 150.

What to test: Set to lower and higher values and verify it changes as expected.

implemented Prompt for Secure Token Admin Login When Required #123

When logging in at the cloud login window and the local password is not the same as the cloud password, the user is prompted to enter in the local password. If the user does not know the password and there is no adminUsername/admin password defined in an override script or in preferences, the user will be prompted for admin credentials. If admin credentials are given correctly, the user account will be change to the new password and a new keychain will be created (and the old one moved aside).

What to test: Successfully log in as a cloud user and verify all is working. Log out and change cloud password on IdP. Log in again and verify that clicking reset results in correct behavior. Verify cancel buttons work as expected and that bad passwords and username give correct feedback.

implemented feature request: localad/kebereros support for saving groups to prefs #125

When set up to use active directory, logging in as a AD user that is a member of groups will populate the local account with a new attribute called _xcreds_groups and will have the name of the groups as a command separated list.

what to test: In active directory, add user to a few groups. Not that the primary group is not a direct membership ("Domain User") and will not show up. Log in and verify new attribute is populated in user account by opening Directory Utility and viewing the account. Change group membership in AD, log out and log back in, and verify AD groups have been updated via Directory Utility.

fixed ad groups for making admin user

If the preference key "CreateAdminIfGroupMember" and value of an array of strings is defined, the groups the user is part of in AD will be checked against those values, and if one matches, the user will be an admin. This is updated on each login, so adding and removing should change admin membership/

What to test: Log in as a AD user and verify that they are not an admin. Add the user to a group in AD and add that group name to the CreateAdminIfGroupMember preference. Log back in and verify the user is now admin. Repeat test with a new user and make sure the user is an admin at first login.

fixed Active Directory issue after password change #112

When signing in using XCreds as an Active Directory user, if the AD user password is changed and then the user tries to sign again, XCreds sign-in will fail if the new password is entered. XCreds sign-in will succeed if the old password is entered.

What to test: change password and verify correct bahavior.

adding arbitrary claims to local DS user account

A new preference key "claimsToAddToLocalUserAccount" with an array of strings as values was added. Adding in a claim will result in that claim be added to the user's local DS account on next login. By default, if this key is not defined, the groups claim will be added automatically.

what to test: In preferences, add the claims "ipaddr" and "upn" to the claims and login as a user. Verify that the claims show up as xcreds and the value in Directory Utility for the user.

updated animation when logging in

When logging in both as AD and cloud, the button bar should animate by dropping down and the main window should gracefully fade away leaving no trace. A thing of beauty.

what to test: Look at it. Love it.

Detect when no password was entered #17

When no password is detected from the cloud login, it used to fail by returning to the login window. Now there is an error message.

what to test: set the passwordElementID to something that doesn't match the element (like xyzzy) and try and log in. XCreds should log in to the cloud login and not be able to capture the password. An error should then be shown.

updated license agreement (issue #90)

The software license agreement shown when running the installer for v3.1 build 5084 shows last updated date as April 18, 2023. This should be updated to match the SLA provided at https://twocanoes.com/software-license-agreements/

what to test: verify correct date.

refactored code to add admin to user account based on group membership each login (issue #109)

in prior version, admin membership was only checked at initial account login. admin membership is now check at each login and the admin group is updated based on preferences.

what to test: set the CreateAdminIfGroupMember value to the name of an existing to a group they are a membrer of in the iDp and verify they become admin at next login. Remove and verify that they are removed as local admin.

added groups claim value to OD record on each login in _xcreds_oidc_groups (issue #117)

When set up to use OIDC, logging in as a cloud user that is a member of groups will populate the local account with a new attribute called _xcreds_groups and will have the name of the groups as a space separated list.

what to test: In OIDC, add user to a few groups. . Log in and verify new attribute is populated in user account by opening Directory Utility and viewing the account. Change group membership in ODIC, log out and log back in, and verify groups have been updated via Directory Utility.

fixed issue #124: Default behavior wrong for shouldAllowKeyComboForMacLoginWindow

The manifest defines the default for shouldAllowKeyComboForMacLoginWindow as false but when it is not set in a profile the login window allows the key combo to work.

what to test: don't define key and verify it doesn't work, then define and verify it does

Beta 1:

Select Existing User Account During Account Creation

Using the new preference key “shouldPromptForMigration”, when a new login is detected and there are existing standard user accounts on the system, the user will be prompted for a username and password (#98).

If the username and password are successfully entered for an existing account, this local account will then be used when logging in with this cloud account. The local account has 2 new DS attributes added:

dsAttrTypeNative:_xcreds_oidc_sub: Subscriber. Unique identifier for account within the current issuer.

dsAttrTypeNative:_xcreds_oidc_iss: Issuer In subsequent logins, the user account is selected by matching the sub and iss from the identity token to the values in the local account.

Note that the user will only be prompted if there are existing standard accounts on the system and the login does not have a locally mapped account.

The dialog for migration has a “Create New Account” button that will allow them to skip migration and create a local account. If a local account using the prior logic exists, it will be mapped.

Key Combination for showing Standard and Mac login window

Setting the new preference key “shouldAllowKeyComboForMacLoginWindow” allows switch login between cloud and standard/Mac login using a key combination regardless of the hidden state of the Switch Login Window button (#121). The keys are as follows:

Option-Control-Return: Switch between cloud and standard login window. Command-Option-Control-Return: Switch between cloud and Mac login window.

Account Alias

When a new preference is set (“aliasName”) to a claim in the identity token, the value in that claim is used to set an alias to the user account, allowing them to login with it.

An example: Set the preferences to have aliasName = “upn”. Log in as barney@twocanoes.com. The identity token has a claim called “upn” whose value was “barney@twocanoes.com“. XCreds then adds barney@twocanoes.com that is an alias and the user can login with either barney or barney@twocanoes.com at the local and mac login window. This gives the user a consistent way to log in at the cloud login or the standard / Mac login window.

New Features

Removed logging messages that had a local path from the build system.
Updates postinstall to better handle the setup assistant and userland install scenarios. Thanks to Clkw0rk for the pull request.
Reload login window on network changes. Thanks to Clkw0rk for the pull request and credit to @hurricanehrndz and the CPE Team at Yelp
Reload login window after wifi connected. Thanks to Clkw0rk for the pull request.
add encoding for special characters to tokenmanager. Thanks to Clkw0rk for the pull request.
use default desktop from CoreServices. Thanks to Clkw0rk and the CPE Team at Yelp for the pull request.

XCreds 3.2.1 (12/12/2023)

XCreds 3.2 results an issue where the last character was not capture when typing the password very quickly and hitting return right away.

XCreds 3.3 Beta 1 (27/11/2023)

Select Existing User Account During Account Creation

Using the new preference key “shouldPromptForMigration”, when a new login is detected and there are existing standard user accounts on the system, the user will be prompted for a username and password (#98).

If the username and password are successfully entered for an existing account, this local account will then be used when logging in with this cloud account. The local account has 2 new DS attributes added:

dsAttrTypeNative:_xcreds_oidc_sub: Subscriber. Unique identifier for account within the current issuer.

dsAttrTypeNative:_xcreds_oidc_iss: Issuer In subsequent logins, the user account is selected by matching the sub and iss from the identity token to the values in the local account.

Note that the user will only be prompted if there are existing standard accounts on the system and the login does not have a locally mapped account.

The dialog for migration has a “Create New Account” button that will allow them to skip migration and create a local account. If a local account using the prior logic exists, it will be mapped.

Key Combination for showing Standard and Mac login window

Setting the new preference key “shouldAllowKeyComboForMacLoginWindow” allows switch login between cloud and standard/Mac login using a key combination regardless of the hidden state of the Switch Login Window button (#121). The keys are as follows:

Option-Control-Return: Switch between cloud and standard login window. Command-Option-Control-Return: Switch between cloud and Mac login window.

Account Alias

When a new preference is set (“aliasName”) to a claim in the identity token, the value in that claim is used to set an alias to the user account, allowing them to login with it.

An example: Set the preferences to have aliasName = “upn”. Log in as barney@twocanoes.com. The identity token has a claim called “upn” whose value was “barney@twocanoes.com“. XCreds then adds barney@twocanoes.com that is an alias and the user can login with either barney or barney@twocanoes.com at the local and mac login window. This gives the user a consistent way to log in at the cloud login or the standard / Mac login window.

New Features

Removed logging messages that had a local path from the build system.
Updates postinstall to better handle the setup assistant and userland install scenarios. Thanks to Clkw0rk for the pull request.
Reload login window on network changes. Thanks to Clkw0rk for the pull request and credit to @hurricanehrndz and the CPE Team at Yelp
Reload login window after wifi connected. Thanks to Clkw0rk for the pull request.
add encoding for special characters to tokenmanager. Thanks to Clkw0rk for the pull request.
use default desktop from CoreServices. Thanks to Clkw0rk and the CPE Team at Yelp for the pull request.

XCreds 3.2 (17/10/2023)

ROPG XCreds now uses ROPG to verify password when logged in. Very useful with Okta and other IdP that do not support token refresh. Requires preferences ropgClientID, ropgClientSecret, and shouldVerifyPasswordWithRopg. Thanks to hurricanehrndz for this pull request.

New Features New preference key to force local login: shouldPreferLocalLoginInsteadOfCloudLogin . Thanks to jamesez for the pull request. New preference key show login window based on detecting network status: shouldDetectNetworkToDetermineLoginWindow. Added self healing for auth rights Added support for keyboard nav for controls Detect offline and automatically switch to local login.

Bug Fixes Remove trailing and leading spaces entered in username

XCreds 3.1 (17/07/2023)

XCreds 3.1

Active Directory Login

New username and password window allows logging in with local user or Active Directory (if ADDomain key is defined).

New Username and Password Window

We no longer use the macOS login window and use the new XCreds username/password window. This allows for faster switching and Active Directory login.

Switch to Login Window at Screen Saver

When the "shouldSwitchToLoginWindowWhenLocked" key is set and XCreds is running in the user session and the screen is locked, the lock screen will fast user switch to the login window.

When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will log in with the XCreds Login Window to resume the session.

Admin Group

If group membership is returned in the "groups" claim and matches the group defined in the "CreateAdminIfGroupMember" preference, the user will be created as admin.

kerberos ticket

When app is first launched and there is a keychain item with an AD account and local password, a kerberos ticket will be attempted.

Override Preference Script

Most preferences can now be overwritten by specifying a script at the path defined by "settingsOverrideScriptPath". This script, if it exists, owned by _securityagent, and has permissions 700 (accessible only by _securityagent) must return a valid plist that defines the key/value pairs to override in preferences. This allows for basing preferences based on the local state of the machine. It is important for the "localAdminUserName" and "localAdminPassword" keys. See Reset Keychain for more information on this. The override script can also be used for querying the local state and setting preferences. For example, to randomly set the background image, a sample script "settingsOverrideScriptPath" defines a script:

#!/bin/sh
dir="/System/Library/Desktop Pictures"
desktoppicture=`/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1`
    
cat /usr/local/xcreds/override.plist|sed "s|DESKTOPPICTUREPATH|${desktoppicture}|g"

The plist would be defined as:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>loginWindowBackgroundImageURL</key>
    <string>file://DESKTOPPICTUREPATH</string>
</dict>
</plist>

Reset Keychain

In prior versions of XCreds, the ability to reset the keychain if the user forgets their local password would fail due to the lack of an admin user with a secure token. This would cause the "PasswordOverwriteSilent" to fail.

The "settingsOverrideScriptPath" (see above) can return the admin username and password of an admin account that has a secure token. This admin user is then used to reset the user's keychain if they forgot their local password. This can either be done with user prompting or silently.

The script can find those keys via curl, in system keychain, or in a LAPS file and return the values inside the plist that is returned. This gives flexibility in determining the security required for the local admin username and password.

Note that XCreds assumes an admin user with a secure token already exists on the machine and XCreds does not create or manage this user. If you manage local admin via a LAPS system, you can return the password from the local password file.

An example of an override script to return username and password are as follows:

Override Script:

#!/bin/sh dir="/System/Library/Desktop Pictures" desktoppicture=/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1 #this is provided as an example. DO NOT KEEP ADMIN CREDENTIALS ON DISK! Use curl or other method for getting them temporarily. admin_username="tcadmin" admin_password="twocanoes" cat /usr/local/xcreds/override.plist | sed "s|LOCALADMINUSERNAME|${admin_username}|g" | sed "s|LOCALADMINPASSWORD|${admin_password}|g"

plist:

`<?xml version="1.0" encoding="UTF-8"?>`

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>localAdminUserName</key> <string>LOCALADMINUSERNAME</string> <key>localAdminPassword</key> <string>LOCALADMINPASSWORD</string> </dict> </plist>

Others

added shake to password field
added dialog over login window when in an error state
improved code when local password policy does not allow setting password from cloud.
Added about menu with history

New Keys

ADDomain

The desired AD domain

usernamePlaceholder

Placeholder text in local / AD login window for username

passwordPlaceholder

Placeholder text in local / AD login window for password

shouldShowLocalOnlyCheckbox

Show the local only checkbox on the local login page

CreateAdminIfGroupMember

List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name.

shouldSwitchToLoginWindowWhenLocked

When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.

settingsOverrideScriptPath

Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by root and only writable by root.

localAdminUserName

Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to set up a secure token for newly created users.

localAdminPassword

Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to set up a secure token for newly created users.

shouldShowCloudLoginByDefault

Determine if the Mac login window or the cloud login window is shown by default

shouldShowMacLoginButton

Show the Mac Login Window button in XCreds Login

shouldShowTokenUpdateStatus Show the time when the password will be checked. True by default.

Prerelease 3.1.4144 (08/06/2023)

What's New In XCreds

XCreds 3.1

Active Directory Login

New username and password window allows logging in with local user or Active Directory (if ADDomain key is defined).

New Username and Password Window

We no longer use the macOS login window and use the new XCreds username/password window. This allows for faster switching and Active Directory login.

Switch to Login Window at Screen Saver

When the "shouldSwitchToLoginWindowWhenLocked" key is set and XCreds is running in the user session and the screen is locked, the lock screen will fast user switch to the log

When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.

Admin Group

If group membership is returned in the "groups" claim and matches the group defined in the "CreateAdminIfGroupMember" preference, the user will be created as admin.

kerberos ticket

When app is first launched and their is a keychain item with a AD account and local password, a kerberos ticket will be attempted.

Override Preference Script

Most preferences can now be overwritten by specifying a script at the path defined by "settingsOverrideScriptPath". This script, if it exists, owned by root, and has permissions 755 (writable only by root, readable and executable by all) must return a valid plist that defines the key/value pairs to override in preferences. This allows for basing preferences based on the local state of the machine. It is important for the "localAdminUserName" and "localAdminPassword" keys. See Reset Keychain for more information on this. The overide script can also be used for querying the local state and setting preferences. For example, to randomly set the background image, a sample script "settingsOverrideScriptPath" defines a script:

!/bin/sh
dir="/System/Library/Desktop Pictures"
desktoppicture=`/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1`
    
cat /usr/local/xcreds/override.plist|sed "s|DESKTOPPICTUREPATH|${desktoppicture}|g"

The plist would defined as:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>loginWindowBackgroundImageURL</key>
    <string>file://DESKTOPPICTUREPATH</string>
</dict>
</plist>

Reset Keychain

In prior versions of XCreds, the ability to reset the keychain if the user forgets their local password would fail due to the lack of a admin user with a secure token. This would cause the "PasswordOverwriteSilent" to fail.

The "settingsOverrideScriptPath" (see above) can return the admin username and password of an admin account that has a secure token. This admin user is then used to reset the user's keychain if they forgot their local password. This can either be done with user prompting or silently.

The script can find those keys via curl, in system keychain, or in a LAPS file and return the values inside the plist that is returned. This gives flexablity in determining the security required for the local admin username and password.

Note that XCreds assumes an admin user with a secure token already exists on the machine and XCreds does not create or manage this user. If you manage local admin via a LAPS system, you can return the password from the local password file.

An example of an override script to return username and password are as follows:

Override Script:

!/bin/sh dir="/System/Library/Desktop Pictures" desktoppicture=/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1 #this is provided as an example. DO NOT KEEP ADMIN CREDENTIALS ON DISK! Use curl or other method for getting them temporarily. admin_username="tcadmin" admin_password="twocanoes" cat /usr/local/xcreds/override.plist | sed "s|LOCALADMINUSERNAME|${admin_username}|g" | sed "s|LOCALADMINPASSWORD|${admin_password}|g"

plist:

`<?xml version="1.0" encoding="UTF-8"?>`

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>localAdminUserName</key> <string>LOCALADMINUSERNAME</string> <key>localAdminPassword</key> <string>LOCALADMINPASSWORD</string> </dict> </plist>

Others

added shake to password field

New Keys

ADDomain

The desired AD domain

CreateAdminIfGroupMember

List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name.

shouldSwitchToLoginWindowWhenLocked

When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.

settingsOverrideScriptPath

Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by root and only writable by root.

localAdminUserName

Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.

localAdminPassword

Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.

shouldFindPasswordElement

Selects the password element field in the web page by finding a form element that has bullets (input is password)

shouldShowCloudLoginByDefault

Determine if the mac login window or the cloud login window is shown by default

shouldShowMacLoginButton

Show the Mac Login Window button in XCreds Login

Version 3.0 Build 3607

Released 2023-04-19

Updated license
Fixed typo
Fixed issue with crash if time is too far off
Fixed regression for password change not capturing new password on Azure
Added trial license
Version 2.4
Added 802.1x support; added support for pref key for finding password based on type=password
Fixed changing wifi not dismissing dialog
Fixed issue with autorefresh
Added frontmost when prompting for keychain password
Fixed crashing issue due to null refreshview outlet
Fixed names and links in manifest
Tweaked text for user space refresh token window and added pref to show or hide
Updated sample config
Fixed focus issue
Fixed login window size and background image
Added in login window height/width min value of 100
Added key for customizing return to XCreds; added preference and ability to automatically refresh login window
Updated language on keychain option and added pref in manifest
Added remove keychain option

Version 2.3

Added more logging for id token
Removed progress screen overlay because it was hiding filevault
Added sub as local user account if other methods not available; added some additional logging
Removed test time
Fixed edge case when not showing xcreds login when logging out
Fixed shouldShowCloudLoginByDefault not working
Fixed timer issue
Removed show prefs menu
Implemented PasswordOverwriteSilent
Implemented KeychainReset
Added credit to script
Added startup script
Username hint was not being set
Renamed mapped prefs with a prefix
Changed case of keys
Made keys lowercase for mappings
Added new key for OIDC mapping

Version 2.2

Added mappings for user info

Version 2.1

Initial release

Prerelease 3.1.4081 (27/05/2023)

XCreds 3.1

Active Directory Login

New username and password window allows logging in with local user or Active Directory (if ADDomain key is defined).

New Username and Password Window

We no longer use the macOS login window and use the new XCreds username/password window. This allows for faster switching and Active Directory login.

Admin Group

If group membership is returned in the "groups" claim and matches the group defined in the "CreateAdminIfGroupMember" preference, the user will be created as admin.

Override Preference Script

Most preferences can now be overwritten by specifying a script at the path defined by "settingsOverrideScriptPath". This script, if it exists, owned by root, and has permissions 755 (writable only by root, readable and executable by all) must return a valid plist that defines the key/value pairs to override in preferences. This allows for basing preferences based on the local state of the machine. It is important for the "localAdminUserName" and "localAdminPassword" keys. See Reset Keychain for more information on this. The overide script can also be used for querying the local state and setting preferences. For example, to randomly set the background image, a sample script "settingsOverrideScriptPath" defines a script:

!/bin/sh
dir="/System/Library/Desktop Pictures"
desktoppicture=`/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1`
    
cat /usr/local/xcreds/override.plist|sed "s|DESKTOPPICTUREPATH|${desktoppicture}|g"

The plist would defined as:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>loginWindowBackgroundImageURL</key>
    <string>file://DESKTOPPICTUREPATH</string>
</dict>
</plist>

Reset Keychain

In prior versions of XCreds, the ability to reset the keychain if the user forgets their local password would fail due to the lack of a admin user with a secure token. This would cause the "PasswordOverwriteSilent" to fail.

The "settingsOverrideScriptPath" (see above) can return the admin username and password of an admin account that has a secure token. This admin user is then used to reset the user's keychain if they forgot their local password. This can either be done with user prompting or silently.

The script can find those keys via curl, in system keychain, or in a LAPS file and return the values inside the plist that is returned. This gives flexablity in determining the security required for the local admin username and password.

Note that XCreds assumes an admin user with a secure token already exists on the machine and XCreds does not create or manage this user. If you manage local admin via a LAPS system, you can return the password from the local password file.

An example of an override script to return username and password are as follows:

Override Script:

!/bin/sh dir="/System/Library/Desktop Pictures" desktoppicture=/bin/ls -1 "$dir"/*.heic | sort --random-sort | head -1 #this is provided as an example. DO NOT KEEP ADMIN CREDENTIALS ON DISK! Use curl or other method for getting them temporarily. admin_username="tcadmin" admin_password="twocanoes" cat /usr/local/xcreds/override.plist | sed "s|LOCALADMINUSERNAME|${admin_username}|g" | sed "s|LOCALADMINPASSWORD|${admin_password}|g"

plist:

`<?xml version="1.0" encoding="UTF-8"?>`

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>localAdminUserName</key> <string>LOCALADMINUSERNAME</string> <key>localAdminPassword</key> <string>LOCALADMINPASSWORD</string> </dict> </plist>

New Keys

ADDomain

The desired AD domain

CreateAdminIfGroupMember

List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name.

shouldSwitchToLoginWindowWhenLocked

When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.

settingsOverrideScriptPath

Script to override defaults. Must return valid property list with specified defaults. Script must exist at path, be owned by root and only writable by root.

localAdminUserName

Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.

localAdminPassword

Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.

shouldFindPasswordElement

Selects the password element field in the web page by finding a form element that has bullets (input is password)

shouldShowCloudLoginByDefault

Determine if the mac login window or the cloud login window is shown by default

shouldShowMacLoginButton

Show the Mac Login Window button in XCreds Login

Name	Type	Required	Description
ADDomain	string		The desired AD domain
clientID	string	always	The OIDC client id public identifier for the app.
clientSecret	string		Client Secret sometimes required by identity provider.
CreateAdminUser	boolean		When set to true and the user account is created, the user will be a local admin.
CreateAdminIfGroupMember	array		List of groups that should have its members created as local administrators. Set as an Array of Strings of the group name.
shouldSwitchToLoginWindowWhenLocked	boolean		When set to true and the user locks the current session, XCreds will tell the system to switch to Login Window. The current session will stay active but the user will login with the XCreds Login Window to resume the session.
discoveryURL	string	always	The discovery URL provided by your OIDC / Cloud provider.
EnableFDE	boolean		Enabled FDE enabled at first login on APFS disks.
EnableFDERecoveryKey	boolean		Save the Personal Recovery Key (PRK) to disk for the MDM Escrow Service to collect.
EnableFDERecoveryKeyPath	string		Specify a custom path for the recovery key.
EnableFDERekey	boolean		Rotate the Personal Recovery Key (PRK).
loginWindowWidth	integer		Login Window webview width (Integer). If this is not defined, it will be full width. Minimum value of 100.
loginWindowHeight	integer		Login Window webview height (Integer). If this is not defined, it will be full height. Minimum value of 100.
loginWindowBackgroundImageURL	string		URL to an image to show in the background while logging in.
passwordChangeURL	string		Add a menu item for changing the password that will open this URL when the menu item is selected.
redirectURI	string		URI to redirect to when authentication is complete.
refreshRateHours	integer		Number of hours for checking for password changes. Default is 3 hours. Minimum is 1 hour.
scopes	string		OIDC Scopes
shouldSetGoogleAccessTypeToOffline	boolean		When using Google IdP, a refresh token may need be requested in a non-standard way.
shouldShowCloudLoginByDefault	boolean		Determine if the mac login window or the cloud login window is shown by default
autoRefreshLoginTimer	integer		Timer for automatically refreshing login screen in seconds. If set to 0, does not automatically refresh.
cloudLoginText	string		Text for return to cloud login on Mac login screen
shouldShowAboutMenu	boolean		Show the About Menu
shouldShowRefreshBanner	boolean		Show text at the top of the prompt window when tokens expire.
shouldShowConfigureWifiButton	boolean		Show Configure WiFi button in XCreds Login.
shouldShowPreferencesOnStart	boolean		If no settings are specified, preferences will not be shown on startup.
shouldShowMacLoginButton	boolean		Show the Mac Login Window button in XCreds Login.
shouldShowSupportStatus	boolean		Show message in XCreds Login reminding people to buy support.
shouldShowQuitMenu	boolean		Show Quit Menu Item in the menu.
shouldShowVersionInfo	boolean		Show the version number and build number in the lower left corner of XCreds Login.
showDebug	boolean		Show debug local notifications.
username	string		When a user uses cloud login, XCreds will try and figure out the local username based on the email or other data returned for the IdP. Use this value to force the local username for any cloud login. Provide only the shortname.
KeychainReset	boolean		Reset the keychain without prompting if the login password doesn't match the local password.
PasswordOverwriteSilent	boolean		Update the password silently to the new one. Used with the KeychainReset if the user has a secure token.
localAdminUserName	string		Username of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.
localAdminPassword	string		Password of local admin user. DO NOT SET THIS IN PREFERENCES. It is recommended to set this with the settingsOverrideScriptPath script. This user is used to reset the keychain if the user forgets their local password and to setup a secure token for newly created users.
verifyPassword	boolean		Show prompt to verify cloud password before setting keychain and login.
idpHostName	string		hostname of the page that has the password field.
idpHostNames	array		array of hostnames of the page that has the password field.
passwordElementID	string		password element id of the html element that has the password.
map_firstname	string		Local DS to OIDC Mapping for First Name
map_lastname	string		Local DS to OIDC Mapping for Last Name
map_fullname	string		Local DS to OIDC Mapping for Name
map_username	string		Local DS to OIDC Mapping for Name
settingsOverrideScriptPath	string		Script to override defaults. Must return valid property list with specified defaults. Script must exist at path ,be owned by root and only writable by root.

XCreds 3.0 (08/05/2023)

Version 3.0 Build 3607 Released 2023-04-19

Updated license Fixed typo Fixed issue with crash if time is too far off Fixed regression for password change not capturing new password on Azure Added trial license

XCreds 2.4 (13/04/2023)

fixed changing wifi not dismissing dialog
fixed issue with autorefresh
added frontmost when prompting for keychain password
fixed crashing issue due to null refreshview outlet
fixed names and links in manifest
tweaked text for user space refresh token window and added pref to show or hide
updated sample configu
fixed focus issue
fixed login window size and background image
added in login window height/width min value of 100
added key for customizing return to xcreds; added preference and ability to automatically refresh login window
updated language on keychain option and added pref in manifest
added remove keychain option
added more logging for id token and bumped version to 2.3
remove progress screen overlay because it was hiding filevault
added sub as local user account if other methods not available; added some additional logging
removed test time
fixed edge case when not showing xcreds login when logging out
fixed shouldShowCloudLoginByDefault not working
fixed timer issue
removed show prefs menu
implemented PasswordOverwriteSilent
implemented KeychainReset
added credit to script
added startup script
username hint was not being set
renamed mapped prefs with a prefix
changed case of keys
made keys lowercase for mappings
added new key for OIDC mapping

XCreds 2.2 (11/01/2023)

(origin/develop, develop) remove progress screen overlay because it was hiding filevault
added sub as local user account if other methods not available; added some additional logging
removed test time
fixed edge case when not showing xcreds login when logging out
fixed shouldShowCloudLoginByDefault not working
fixed timer issue
removed show prefs menu
implemented PasswordOverwriteSilent
implemented KeychainReset
added credit to script
added startup script
username hint was not being set
renamed mapped prefs with a prefix
changed case of keys
made keys lowercase for mappings
added new key for OIDC mapping
(origin/feature-mappings, feature-mappings) added mappings for user info
Update README.md
(origin/release-2.1) removed spaces
removed registration reminder
added idhostnames array so you can specify multiple tenants
added shouldShowCloudLoginByDefault user default
fixed notification prompt
removed "prompt":"consent"
added a bit more logging
added okta compatibility
added autologin when fv enabled
Merge pull request #37 from kenchan0130/fix-issue-36
Merge pull request #38 from kenchan0130/patch-azure-1
Merge pull request #39 from kenchan0130/patch-2
If fullname is empty, shortname is used.
Support a Azure AD host
enabled rekeying FileVault implementation
Update README.md
fixed package template issue and updated manifest
changed pref names for custom IDP / ADFS

XCreds 2.0 (31/08/2022)

Login Window log in to OIDC provider Support for Azure, Google Cloud, Okta and any OIDC provider Initial account provisioning WiFi Login Window configuration Restart and shutdown from Login Window Profile manifest available for easy configuration Local password update with IdP password Prompt for IdP password when changed Login Keychain password updating Customizable preferences Easy deployment Uses OpenID Connect Attractive and pleasing menu icon Easy configuration with profile / MDM Profile Manifest for Profile Creator Support Two-Factor and Multi-Factor support

prebeta (15/06/2022)

prebeta

Initial Release v1.0.0 (13/06/2022)

Initial Release

Files

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

Changelog

4.1.6375 (28/02/2024)

4.1.6375 (2024-02-28)

4.1.6346 (2024-02-13)

4.1.6313 (2024-02-06)

release-4.0 (2024-01-29)

4.0.6274 (2024-01-29)

4.0.6261 (2024-01-15)

4.0.6203 (2024-01-01)

4.0.6177 (2023-12-28)

4.0.6023 (2023-12-12)

v3.2.1.6002 (2023-12-11)

v3.3.5269 (2023-11-27)

v3.2.5197 (2023-10-17)

release_3_1 (2023-07-14)

v3.1.4144 (2023-06-08)

v3.1.4143 (2023-06-07)

v3.1.4081 (2023-05-27)

release-3.0 (2023-05-08)

release_3_0 (2023-04-18)

release_v2_4 (2023-03-28)

release_v2_1 (2023-01-11)

realease_v2_2 (2023-01-11)

release_v2_0 (2022-08-30)

prebeta (2022-06-15)

4.1.6346 (2024-02-13) (13/02/2024)

4.1.6346 (2024-02-13)

4.1.6313 (2024-02-06)

XCreds 4.1 (06/02/2024)

4.1.6313 (2024-02-06)

XCreds 4.0 (29/01/2024)

4.0.6274 (2024-01-26)

4.0.6261 (2024-01-15)

4.0.6203 (2024-01-01)

4.0.6177 (2023-12-28)

4.0.6023 (2023-12-12)

v3.2.1.6002 (2023-12-11)

v3.3.5269 (2023-11-27)

v3.2.5197 (2023-10-17)

release_3_1 (2023-07-14)

v3.1.4144 (2023-06-08)

v3.1.4143 (2023-06-07)

v3.1.4081 (2023-05-27)

release-3.0 (2023-05-08)

release_3_0 (2023-04-18)

release_v2_4 (2023-03-28)

release_v2_1 (2023-01-11)

realease_v2_2 (2023-01-11)

release_v2_0 (2022-08-30)

prebeta (2022-06-15)

XCreds 4 Beta 5 (15/01/2024)

4.0.6261 (2024-01-15)

4.0.6203 (2024-01-01)

4.0.6177 (2023-12-28)

4.0.6023 (2023-12-12)

v3.2.1.6002 (2023-12-11)

v3.3.5269 (2023-11-27)

v3.2.5197 (2023-10-17)

release_3_1 (2023-07-14)

v3.1.4144 (2023-06-08)

v3.1.4143 (2023-06-07)

v3.1.4081 (2023-05-27)

release-3.0 (2023-05-08)

release_3_0 (2023-04-18)

release_v2_4 (2023-03-28)

release_v2_1 (2023-01-11)

realease_v2_2 (2023-01-11)

release_v2_0 (2022-08-30)

prebeta (2022-06-15)

XCreds 4 Beta 4 (01/01/2024)

What's New

4.0.6203 (2024-01-01)

4.0.6177 (2023-12-28)

4.0.6023 (2023-12-12)