A complete ground-up rewrite of NoMAD utilizing the same AD Auth Framework found in NoMAD Login.

Last update: May 20, 2022

NoMAD 2

A complete ground-up rewrite of NoMAD utilizing the same AD Auth Framework found in NoMAD Login.

Why?

Well... that's a good question.

NoMAD 1.x hasn't seen a lot of updates in the last few years. A lot of this is because Active Directory itself hasn't changed much. Also, with the introduction of Apple's improved Kerberos SSO Extension there was a hope that NoMAD's time had perhaps passed.

However, after watching the number of people in #nomad Slack channel increase and continued usage of the product, it started becoming more clear that the time had perhaps come to do a major rework of the code base to allow for modernization.

While many organizations won't get much use out of the new features, everyone should be able to benefit from a much improved code base which should finally put to bed some long suffering NoMAD "features" like not checking for tickets on first launch.

Even with Apple's included Kerberos apps, there's still a significant need to allow for customization of the user experience — either through allowing the use of logos and custom titles for menu, or full on customization of the application's behavior. NoMAD 2 provides this.

Plus for anyone looking to learn Swift and how it might help with administration tasks, this code will be much less infuriating to try and decipher and perhaps reuse in your own projects.

What's New

Most of NoMAD 2 is focused on code cleanup and modernization with a particular focus on ensuring lingering threading and other issues are properly addressed. However there are some new features that you'll find in NoMAD 2.

  • Support for Single Sign On Extensions. NoMAD 2 has a full Credential SSOE.
  • Lights Out Operation where the NoMAD menu bar item is not visible. The background operations still occur and users will get notified when they need to react. This also includes an "Actions Only" mode where the only elements in the menu bar are the Actions menu.
  • Multi-account support. You can have an unlimited number of accounts from any AD domain you'd like listed in NoMAD 2. Accounts can all have saved passwords and be enabled for automatic sign in for each account.
  • PAM module to support authentication to AD, without binding, for administration purposes.

Single Sign On Extension

NoMAD 2 provides a Credential SSOE for macOS 10.15 and above. This means that if you attempt to load a webpage that requires Kerberos authentication, and you have the proper configuration profile in place, but you don't have a ticket for the realm you are connecting to, you'll see the NoMAD 2 authentication window.

To achieve this you'll need to push a configuration profile via MDM with at least these two items:

  • menu.nomad.nomad.nomadssoe for the Extension bundle ID
  • VRPY9KHGX6 as the Team Identifier

Also add the Kerberos Realm and any URLs you want to trigger on to the profile.

You can find a sample version of the profile in the NoMAD repo.

The Team ID assumes you're using a signed copy of NoMAD 2. If you build the project yourself, your Team ID will be different.

macOS Versions

NoMAD will work on macOS 10.13 and greater. You'll need at least 10.15 for the Single Sign On Extension. Current betas may work on older versions, but don't expect that to last.

Philosophical Questions

With NoMAD 2 being able to support multiple tickets, and many users not really using Kerberos other than changing their password on occasion... the typical user flow through the app will most likely be a bit different now than it was in the past.

As such we plan on tweaking some of the NoMAD behavior to better reflect modern workflows.

Defaults

A few changes to how NoMAD 2 handles preferences.

The major one is that it's a new pref domain: menu.nomad.nomad

All app preferences will go there. Anything that will change, such as user information, password expirations and the rest, will go into menu.nomad.state so that it's quite clear which preferences are changing and which aren't.

Other than that, we're attempting to keep the preferences as similar as possible.

Building NoMAD 2

NoMAD 2 is fairly straightforward to build in recent versions of Xcode as long as you ensure to build the AD Framework first. The existing code base uses Carthage to do this, so once you have Carthage installed a simple carthage update in the project folder should do the necessary.

The AD Framework requires some ObjC code which prevents it from being a Swift Package, or else this would be even easier.

What's the current progress

At this point NoMAD 2 would be best characterized as an early beta. AD auth and getting the user record works. The SSOE is working. Accounts and passwords can be saved and used. Much of the previous NoMAD preference keys for customizing the menu also work.

File shares, localization, local password sync, password changes, and custom logos, to name some major things, are not wired up yet.

Contributing

Community feedback, participation and code are all greatly encouraged and appreciated. NoMAD 1.x was a bit daunting to get into as the code was more than a bit "meandering" plus some other unconventional practices had been used. To help flush out the past, and to make things just generally more sane, that's why we have a brand new repo and a modern code base.

Feature requests, bugs and other items can be tracked here in this repo, and we promise to be much more organized about these things this time around.

Current builds

You can find the latest releases on the Tags page.

https://github.com/jamf/NoMAD-2/releases

Mar 17, 2021

  • Multiple Accounts working
  • Single User Mode
  • Better handling of certificates

Jan 1, 2021

  • SSOE working
  • Release to the world!

Dec. 27, 2020

  • New Code base using NoMAD AD Auth Framework
  • Support for multiple accounts
  • Support for lights out operation set LightsOutIKnowWhatImDoing to true
  • Support for actions only menu set ActionItemOnly to true

GitHub

https://github.com/jamf/NoMAD-2
You might also like...

An implementation of the sliding menu found in various iOS apps.

An implementation of the sliding menu found in various iOS apps.

IIViewDeckController ViewDeck is a framework to manage side menus of all kinds. It supports left and right menus and manages the presentation of the s

Apr 28, 2022

Utilizing Apple's Vision Framework to center faces in CGImage.

Utilizing Apple's Vision Framework to center faces in CGImage.

FaceCrop CGImage extension that utilizes Apple's Vision Framework to detect and center faces. Usage cgImage.faceCrop { [weak self] result in switc

Feb 8, 2022

Completed Project for Authentication in SwiftUI using Firebase Auth SDK & Sign in with Apple

Completed Project for Authentication in SwiftUI using Firebase Auth SDK & Sign in with Apple

Completed Project for Authentication in SwiftUI using Firebase Auth SDK & Sign in with Apple Follow the tutorial at alfianlosari.com Features Uses Fir

Mar 10, 2022

SFA: Swift Firebase Auth Project✨

SFA: Swift Firebase Auth Project✨

SFAssets SFA: Swift Firebase Auth Project✨ 파이어베이스로 로그인/회원가입 뿌수기 Login View (로그인 뷰) 담당 기능 배정 Facebook Login 후릐 Google Login 태끼 Apple Login 이준초이 Github

Nov 7, 2021

An iOS library to route API paths to objects on client side with request, mapping, routing and auth layers

WANetworkRouting Developed and Maintained by ipodishima Founder & CTO at Wasappli Inc. Sponsored by Wisembly A routing library to fetch objects from a

Oct 24, 2016

An on-campus UCR auth app for iOS.

R'Scan Installation The app can be installed through the Apple App Store on compatible iOS devices: https://apple.co/3sGuxrM Usage Login Enter your R'

Dec 28, 2021

Learning App with Firebase Auth

Learning App with Firebase Auth

Learning App Displays how to make a learning app with Swift, iOS's programming l

Jan 9, 2022

Bridge between onfido-auth and react-native

react-native-onfido-auth-sdk Table of contents Overview Installation Usage 1. Creating the SDK configuration 2. Parameter details 3. Success Response

Mar 30, 2022

AnylineFaceAuthentication pairs identity document scanning with a real-time liveness check utilizing the iPhone's camera, best suited for authenticating users over the internet.

AnylineFaceAuthentication AnylineFaceAuthentication pairs identity document scanning with a real-time liveness check utilizing the iPhone's camera, be

Mar 7, 2022

SwiftCANLib is a library used to process Controller Area Network (CAN) frames utilizing the Linux kernel open source library SOCKETCAN.

SwiftCANLib SwiftCANLib is a library used to process Controller Area Network (CAN) frames utilizing the Linux kernel open source library SOCKETCAN. Th

Oct 25, 2021

An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network

Onion Browser Official Site | Support | Release History | Donate © 2012-2020, Tigas Ventures, LLC (Mike Tigas) This is the Onion Browser 2.X branch, b

May 19, 2022

WeatherApp - A simple weather app utilizing Google Places API for search and OpenWeather for weather data

Swift Weather App About A simple weather app utilizing Google Places API for sea

Jan 5, 2022

WatchTube: a standalone WatchOS youtube player utilizing Download API for search data and video streaming

WatchTube: a standalone WatchOS youtube player utilizing Download API for search data and video streaming

WatchTube is a standalone WatchOS youtube player utilizing Download API for sear

May 16, 2022

FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols

FreeOTP FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a

May 11, 2022

Digger is a lightweight download framework that requires only one line of code to complete the file download task

Digger is a lightweight download framework that requires only one line of code to complete the file download task

中文说明 Digger is a lightweight download framework that requires only one line of code to complete the file download task. Based on URLSession, pure Swif

May 1, 2022

A general purpose embedded hierarchical lock manager used to build highly concurrent applications of all types. Same type of locker used in many of the large and small DBMSs in existence today.

StickyLocking StickyLocking is a general purpose embedded lock manager which allows for locking any resource hierarchy. Installable Lock modes allow f

Jun 15, 2021

Mobile, desktop and website Apps with the same code

Mobile, desktop and website Apps with the same code

Mobile, desktop and website Apps with the same code This project shows how the source code can be architectured to run on multiple devices. As of now,

May 17, 2022

This is an open source app made to help home brewers brew their coffee by calculating the grams of water needed, and run a timer all in the same screen.

This is an open source app made to help home brewers brew their coffee by calculating the grams of water needed, and run a timer all in the same screen.

Ratios This is an open source app made to help home brewers brew their coffee by calculating the grams of water needed, and run a timer all in the sam

May 7, 2022

Useful for showing text or custom view tags in a vertical or horizontal scrollable view and support Autolayout at the same time

Useful for showing text or custom view tags in a vertical or horizontal scrollable view and support Autolayout at the same time

Useful for showing text or custom view tags in a vertical or horizontal scrollable view and support Autolayout at the same time. It is highly customizable that most features of the text tag can be configured.

May 21, 2022
Swift framework for authenticating with the Spotify API
Swift framework for authenticating with the Spotify API

SpotifyLogin SpotifyLogin is a Swift 5 Framework for authenticating with the Spotify API. Usage of this framework is bound under the Developer Terms o

Apr 22, 2022
ResearchKit is an open source software framework that makes it easy to create apps for medical research or for other research projects.
ResearchKit is an open source software framework that makes it easy to create apps for medical research or for other research projects.

ResearchKit Framework The ResearchKit™ framework is an open source software framework that makes it easy to create apps for medical research or for ot

May 19, 2022
CareKit is an open source software framework for creating apps that help people better understand and manage their health.
CareKit is an open source software framework for creating apps that help people better understand and manage their health.

CareKit CareKit™ is an open source software framework for creating apps that help people better understand and manage their health. The framework prov

May 18, 2022
Mapp SDK Inapp framework

Mapp SDK This repository contains the Mapp iOS SDK for in app messages. It is agreggation for Mapp SDK for push notifications. Integration Cocoa pods

Dec 20, 2021
Patched sdks that include private framework tbds.

sdks Patched sdks that include private framework tbds. This repository contains patched iOS SDKs containing private symbols. These were removed from o

Mar 9, 2022
Blog post on medium about the creation of a marvel app from ground up
Blog post on medium about the creation of a marvel app from ground up

Marvel App Appearance • Motivation • Posts • Installation ------- Appearance Motivation This repository supports a series of posts that will show how

Feb 10, 2022
Login-screen-UI - A simple iOS login screen written in Swift 5

This project has been updated to Swift 5 and Xcode 11.2 About This is a simple i

Feb 4, 2022
Partial rewrite of the `plutil` utility on macOS
Partial rewrite of the `plutil` utility on macOS

SwiftPlist Description This tool is a partial rewrite of the plutil utility on macOS. It allows you to view property list (plist) files in any format

Sep 1, 2021
Contains the swift rewrite of Find My Bus NJ iOS App
Contains the swift rewrite of Find My Bus NJ iOS App

FIND MY BUS NJ 2 An app for tracking NJ Transit bus times. Dependancies Alamofire SwiftyJSON PKHUD Fabric Getting started Install fastlane and imagema

Feb 9, 2022