Wi-Fi username is not prefilled when using system scope configuration profile

Originator:michalm.mac
Number:rdar://FB9948388 Date Originated:2022-03-07
Status:Open Resolved:
Product:macOS Product Version:12.3
Classification:Incorrect/Unexpected Behavior Reproducible:Always
 
# Intro

We currently work on Wi-Fi transition from SSID: OLDWIFI (WPA2 Personal) to SSID: NEWWIFI (WPA2 Enterprise EAP-TTLS with PAP).
We want to use EAP-TTLS with PAP inner authentication method so our user can use Okta credentials to authenticate when connecting to Wi-Fi.
macOS won't connect to EAP-TTLS with PAP by default unless explicitly configured in configuration profile. We provide the configuration profile via MDM (VMware Workspace ONE UEM).

# Problem

When we deploy SYSTEM scope configuration profile (wifi_system_scope.mobileconfig) with UserName key specified, the user name is not prefilled into authentication prompt.

# Steps to reproduce

1. Send SYSTEM scope configuration profile wifi_system_scope.mobileconfig (Profile can be installed manually for the purpose of this bug report).
2. Profile is delivered and configuration applied.
3. If the profile is SYSTEM scope macOS will automatically try to connect to NEWWIFI, fail and reconnect back to OLDWIFI. FB9947906
4. User opens the Wi-Fi menu and clicks on the NEWWIFI SSID.
5. Macs prompts for credentials on the the third connection attempt. FB9948356

# Expected result

Account name is prefilled using the UserName key from the configuration profile.

# Actual result

Account name is not prefilled. See credentials_prompt_system_profile.png.

# Workaround

When we deploy USER scope configuration profile (wifi_user_scope.mobileconfig) with UserName key specified, the user name is prefilled into authentication prompt. See credentials_prompt_user_profile.png.
 

# Affected systems
Both M1 and Intel MacBook Pro running macOS 12 Monterey. Tested with
- MacBookPro14,1 running 12.2.1 (21D62)
- MacBookPro17,1 running 12.3 Beta 5 (21E5227a)

To provide more detailed logs we turned on extended logging via sudo wdutil log +wifi +eapol.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!