I recently wrote an extension attribute to check for the existence of a certificate in a user's keychain. I can run it without issue locally, and via policy, but when running it as an EA, no response is written to the computer record:
#!/bin/bash
CERTNAME="Okta MTLS"
currentUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')
query=$(security find-certificate -a /Users/$currentUser/Library/Keychains/okta.keychain | awk -F'"' '/alis/{print $4}')
if [ "$query" == "$CERTNAME" ]; then
result="Yes"
else
result="No"
fi
echo "$result"
I've also tried to grab the current user's name another way:
currentUser=$(ls -l /dev/console | cut -d " " -f4)
Lastly, I tried writing the output to a txt file and simply cat'ing it via an extension attribute, all to no avail.
No matter what, my extension attribute shows no result in the computer record.
Any tips or suggestions greatly appreciated.
