Would love if this could be fully investigated to ensure most recommended/friendliest defaults for the common case I'm targeting. I understand many subsets may be unnecessary(especially the things I'm not doing find/replace on inside of %'s) but I don't see PUT's for subsets, nor do I know if it will generate its own default values for me, anyway.

formattedSelfServePolicy.xml

<?xml version="1.0" encoding="UTF-8"?>
<policy>
  <general>
    <id>%PCY_ID%</id>
    <name>SelfServeLatest_%PROD_NAME%</name>
    <enabled>true</enabled>
    <trigger>USER_INITIATED</trigger>
    <trigger_checkin>false</trigger_checkin>
    <trigger_enrollment_complete>false</trigger_enrollment_complete>
    <trigger_login>false</trigger_login>
    <trigger_logout>false</trigger_logout>
    <trigger_network_state_changed>false</trigger_network_state_changed>
    <trigger_startup>false</trigger_startup>
    <trigger_other/>
    <frequency>Once per computer</frequency>
    <target_drive>default</target_drive>
    <offline>false</offline>
    <category>
      <id>-1</id>
      <name>Unknown</name>
    </category>
    <date_time_limitations>
      <activation_date/>
      <activation_date_epoch>0</activation_date_epoch>
      <activation_date_utc/>
      <expiration_date/>
      <expiration_date_epoch>0</expiration_date_epoch>
      <expiration_date_utc/>
      <no_execute_on/>
      <no_execute_start/>
      <no_execute_end/>
    </date_time_limitations>
    <network_limitations>
      <minimum_network_connection>No Minimum</minimum_network_connection>
      <any_ip_address>true</any_ip_address>
      <network_segments/>
    </network_limitations>
    <override_default_settings>
      <target_drive>default</target_drive>
      <distribution_point/>
      <force_afp_smb>false</force_afp_smb>
      <sus>default</sus>
      <netboot_server>current</netboot_server>
    </override_default_settings>
    <network_requirements>Any</network_requirements>
    <site>
      <id>-1</id>
      <name>None</name>
    </site>
  </general>
  <scope>
    <all_computers>false</all_computers>
    <computers/>
    <computer_groups>
      <computer_group>
        <id>%grp_id%</id>
        <name>lessThanMostRecent_%PROD_NAME%</name>
      </computer_group>
    </computer_groups>
    <buildings/>
    <departments/>
    <limit_to_users>
      <user_groups/>
    </limit_to_users>
    <limitations>
      <users/>
      <user_groups/>
      <network_segments/>
    </limitations>
    <exclusions>
      <computers/>
      <computer_groups/>
      <buildings/>
      <departments/>
      <users/>
      <user_groups/>
      <network_segments/>
    </exclusions>
  </scope>
  <self_service>
    <use_for_self_service>true</use_for_self_service>
    <install_button_text>Install</install_button_text>
    <self_service_description/>
    <force_users_to_view_description>false</force_users_to_view_description>
    <self_service_icon/>
  </self_service>
  <package_configuration>
    <packages>
      <size>1</size>
      <package>
        <id>1</id>
        <name>%PKG_NAME%</name>
        <action>Install</action>
        <fut>false</fut>
        <feu>false</feu>
        <update_autorun>false</update_autorun>
      </package>
    </packages>
  </package_configuration>
  <scripts>
    <size>0</size>
  </scripts>
  <printers>
    <size>0</size>
    <leave_existing_default/>
  </printers>
  <dock_items>
    <size>0</size>
  </dock_items>
  <account_maintenance>
    <accounts>
      <size>0</size>
    </accounts>
    <directory_bindings>
      <size>0</size>
    </directory_bindings>
    <management_account>
      <action>doNotChange</action>
    </management_account>
    <open_firmware_efi_password>
      <of_mode>none</of_mode>
      <of_password/>
    </open_firmware_efi_password>
  </account_maintenance>
  <reboot>
    <message>This computer will restart in 5 minutes. Please save anything you are working on and log out by choosing Log Out from the bottom of the Apple menu.</message>
    <startup_disk>Current Startup Disk</startup_disk>
    <specify_startup/>
    <no_user_logged_in>Restart if a package or update requires it</no_user_logged_in>
    <user_logged_in>Restart if a package or update requires it</user_logged_in>
    <minutes_until_reboot>5</minutes_until_reboot>
  </reboot>
  <maintenance>
    <recon>true</recon>
    <reset_name>false</reset_name>
    <install_all_cached_packages>false</install_all_cached_packages>
    <heal>false</heal>
    <prebindings>false</prebindings>
    <permissions>false</permissions>
    <byhost>false</byhost>
    <system_cache>false</system_cache>
    <user_cache>false</user_cache>
    <verify>false</verify>
  </maintenance>
  <files_processes>
    <search_by_path/>
    <delete_file>false</delete_file>
    <locate_file/>
    <update_locate_database>false</update_locate_database>
    <spotlight_search/>
    <search_for_process/>
    <kill_process>false</kill_process>
    <run_command/>
  </files_processes>
  <user_interaction>
    <message_start/>
    <allow_users_to_defer>false</allow_users_to_defer>
    <allow_deferral_until_utc/>
    <message_finish/>
  </user_interaction>
</policy>

As probability goes, we have only one, unlikely-to-be-the-cause discrepancy, which is the API between our JSS's - I eliminated the version of python(and bundled urllib2 module) between 10.8 and 10.9 being the issue(I had been testing just autopkg on 10.8, but that wouldn't explain while curl'ing from my 10.9 box was failing.)

I still have stuff to accomplish that I'm working on outside of this, which is to additionally parse and hold onto the server's response for updating version numbers or smartgroup ids(which I'm already reading into a var I hadn't been doing anything with.)

This is the result of GETing the policy created on my 10.8.5 machine, JSS is 9.12 and inside an Ubuntu VM, package conspicuously missing:

<?xml version="1.0" encoding="UTF-8"?>
<policy>
  <general>
    <id>8</id>
    <name>SelfServeLatest_VLC</name>
    <enabled>true</enabled>
    <trigger>USER_INITIATED</trigger>
    <trigger_checkin>false</trigger_checkin>
    <trigger_enrollment_complete>false</trigger_enrollment_complete>
    <trigger_login>false</trigger_login>
    <trigger_logout>false</trigger_logout>
    <trigger_network_state_changed>false</trigger_network_state_changed>
    <trigger_startup>false</trigger_startup>
    <trigger_other/>
    <frequency>once per computer</frequency>
    <target_drive>default</target_drive>
    <offline>false</offline>
    <category>
      <id>-1</id>
      <name>Unknown</name>
    </category>
    <date_time_limitations>
      <activation_date/>
      <activation_date_epoch>0</activation_date_epoch>
      <activation_date_utc/>
      <expiration_date/>
      <expiration_date_epoch>0</expiration_date_epoch>
      <expiration_date_utc/>
      <no_execute_on/>
      <no_execute_start/>
      <no_execute_end/>
    </date_time_limitations>
    <network_limitations>
      <minimum_network_connection>No Minimum</minimum_network_connection>
      <any_ip_address>true</any_ip_address>
      <network_segments/>
    </network_limitations>
    <override_default_settings>
      <target_drive>default</target_drive>
      <distribution_point/>
      <force_afp_smb>false</force_afp_smb>
      <sus>default</sus>
      <netboot_server>current</netboot_server>
    </override_default_settings>
    <network_requirements>Any</network_requirements>
    <site>
      <id>-1</id>
      <name>None</name>
    </site>
  </general>
  <scope>
    <all_computers>false</all_computers>
    <computers/>
    <computer_groups>
      <computer_group>
        <id>6</id>
        <name>LessThanMostRecent_VLC</name>
      </computer_group>
    </computer_groups>
    <buildings/>
    <departments/>
    <limit_to_users>
      <user_groups/>
    </limit_to_users>
    <limitations>
      <users/>
      <user_groups/>
      <network_segments/>
    </limitations>
    <exclusions>
      <computers/>
      <computer_groups/>
      <buildings/>
      <departments/>
      <users/>
      <user_groups/>
      <network_segments/>
    </exclusions>
  </scope>
  <self_service>
    <use_for_self_service>true</use_for_self_service>
    <install_button_text>Install</install_button_text>
    <self_service_description/>
    <force_users_to_view_description>false</force_users_to_view_description>
    <self_service_icon/>
  </self_service>
  <package_configuration>
    <packages>
      <size>0</size>
    </packages>
  </package_configuration>
  <scripts>
    <size>0</size>
  </scripts>
  <printers>
    <size>0</size>
    <leave_existing_default/>
  </printers>
  <dock_items>
    <size>0</size>
  </dock_items>
  <account_maintenance>
    <accounts>
      <size>0</size>
    </accounts>
    <directory_bindings>
      <size>0</size>
    </directory_bindings>
    <management_account>
      <action>doNotChange</action>
    </management_account>
    <open_firmware_efi_password>
      <of_mode>none</of_mode>
      <of_password/>
    </open_firmware_efi_password>
  </account_maintenance>
  <reboot>
    <message>This computer will restart in 5 minutes. Please save anything you are working on and log out by choosing Log Out from the bottom of the Apple menu.</message>
    <startup_disk>Current Startup Disk</startup_disk>
    <specify_startup/>
    <no_user_logged_in>Restart if a package or update requires it</no_user_logged_in>
    <user_logged_in>Restart if a package or update requires it</user_logged_in>
    <minutes_until_reboot>5</minutes_until_reboot>
  </reboot>
  <maintenance>
    <recon>true</recon>
    <reset_name>false</reset_name>
    <install_all_cached_packages>false</install_all_cached_packages>
    <heal>false</heal>
    <prebindings>false</prebindings>
    <permissions>false</permissions>
    <byhost>false</byhost>
    <system_cache>false</system_cache>
    <user_cache>false</user_cache>
    <verify>false</verify>
  </maintenance>
  <files_processes>
    <search_by_path/>
    <delete_file>false</delete_file>
    <locate_file/>
    <update_locate_database>false</update_locate_database>
    <spotlight_search/>
    <search_for_process/>
    <kill_process>false</kill_process>
    <run_command/>
  </files_processes>
  <user_interaction>
    <message_start/>
    <allow_users_to_defer>false</allow_users_to_defer>
    <allow_deferral_until_utc/>
    <message_finish/>
  </user_interaction>
</policy>

According to the policy XML above, it looks like it's more than a GUI issue - the package isn't being associated at all.

If the package is still not getting associated with the policy after the upgrade to 9.21, I think we should dig into specifying only the package name in the policy XML rather than the name and ID.

In my case, the VLC package is getting created as package ID 8 since I have deleted a few packages that I previously created, but JSSImporter.py is assuming that it's ID is 3 and is writing that to the policy XML.

So close...

I was just able to add a category to 9.12 using the following XML and CURL command, FWIW:

curl -k -v -u admin:jamf1234 https://10.1.22.141:8443/JSSResource/categories/id/0 -X POST -T ~/Desktop/category.xml

<?xml version="1.0" encoding="utf-8"?>
<category>
    <name>VLC</name>
</category>