AzureAD/azure-activedirectory-library-for-android

Sign-in process not detecting Company Portal app on device for some users

Opened this issue · 5 comments

Expected behavior

After entering email and password, the user is prompted with a page that asks the user to 'Register your device to continue' with a button labeled 'Register'. The user taps this button and the device is registered in Intune and the app proceeds to launch successfully.

Actual behavior

After entering email and password, user is prompted with a page that says they do not have the Company Portal app even though they have it installed and set up, with a button labeled 'Get the app' which when tapped takes the user to the Company Portal app store page. In the 'More details' section of this page, the device is marked as 'unregistered'.

Steps to reproduce the problem

  1. Open custom app
  2. Enter email and password when prompted
  3. App shows error page described in 'Actual behavior' section

Specifications like the version of the library, operating system etc.

Environment

Users are using MAM-WE. When they install the Company Portal app they 'Postpone' the Work Profile installation, so they are using their personal device and profile.

ADAL version

1.16.3 (Meets minimum recommended version requirements)

Intune SDK version

Not sure how to determine this, as it is an AAR file and a build.jar?

Tests with different users and different operating system versions

User 1 (WORKS)

Android version 9

Company Portal version 5.0.5164.0

User 2 (WORKS)

Android version 11

Company Portal version 5.0.5155.0

User 3 (WORKS)

Android version 11

Company Portal version 5.0.5155.0

User 4 (ISSUE OCCURS)

Android version 11, patch level 1 June 2021

Company Portal version 5.0.5164.0

User 5 (ISSUE OCCURS)

Android version 11

Company Portal version 5.0.5164.0

Relevant logs and traces

V/AcquireTokenRequest:validateAuthority: [2021-06-07 09:18:27 - {uuid_omitted}] The passed in authority is valid. ver:1.16.3 Android 30
E/BrokerValidator:verifySignature: [2021-06-07 09:18:27 - {"thread_id":"6972","correlation_id":"{uuid_omitted}"}] Broker related package does not exist Android 30
android.content.pm.PackageManager$NameNotFoundException: com.azure.authenticator
at android.app.ApplicationPackageManager.getPackageInfoAsUser(ApplicationPackageManager.java:282)
at android.app.ApplicationPackageManager.getPackageInfo(ApplicationPackageManager.java:254)
at com.microsoft.intune.mam.client.content.pm.PolicyPackageManager.getPackageInfo(PolicyPackageManager.java:362)
at com.microsoft.intune.mam.client.content.pm.PackageManagementBehaviorImpl.getPackageInfo(PackageManagementBehaviorImpl.java:291)
at java.lang.reflect.Method.invoke(Native Method)
at com.microsoft.intune.mam.InterProxy$InterInvocationHandler.invoke(InterProxy.java:88)
at java.lang.reflect.Proxy.invoke(Proxy.java:1006)
at $Proxy10.getPackageInfo(Unknown Source)
at com.microsoft.intune.mam.client.content.pm.MAMPackageManagement.getPackageInfo(MAMPackageManagement.java:228)
at com.microsoft.identity.common.internal.broker.BrokerValidator.readCertDataForBrokerApp(BrokerValidator.java:136)
at com.microsoft.identity.common.internal.broker.BrokerValidator.verifySignature(BrokerValidator.java:92)
at com.microsoft.aad.adal.BrokerProxy.verifyAuthenticator(BrokerProxy.java:967)
at com.microsoft.aad.adal.BrokerProxy.canSwitchToBroker(BrokerProxy.java:127)
at com.microsoft.aad.adal.AcquireTokenRequest.validateAcquireTokenRequest(AcquireTokenRequest.java:197)
at com.microsoft.aad.adal.AcquireTokenRequest.access$100(AcquireTokenRequest.java:55)
at com.microsoft.aad.adal.AcquireTokenRequest$1.run(AcquireTokenRequest.java:128)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
V/BrokerProxy:canSwitchToBroker: [2021-06-07 09:18:27 - {uuid_omitted}] Broker auth is turned off or no valid broker is available on the device, cannot switch to broker. ver:1.16.3 Android 30
V/AcquireTokenRequest:tryAcquireTokenSilent: [2021-06-07 09:18:27 - {uuid_omitted}] Try to acquire token silently, return valid AT or use RT in the cache. ver:1.16.3 Android 30
E/BrokerValidator:verifySignature: [2021-06-07 09:18:27 - {"thread_id":"6972","correlation_id":"{uuid_omitted}"}] Broker related package does not exist Android 30
android.content.pm.PackageManager$NameNotFoundException: com.azure.authenticator
at android.app.ApplicationPackageManager.getPackageInfoAsUser(ApplicationPackageManager.java:282)
at android.app.ApplicationPackageManager.getPackageInfo(ApplicationPackageManager.java:254)
at com.microsoft.intune.mam.client.content.pm.PolicyPackageManager.getPackageInfo(PolicyPackageManager.java:362)
at com.microsoft.intune.mam.client.content.pm.PackageManagementBehaviorImpl.getPackageInfo(PackageManagementBehaviorImpl.java:291)
at java.lang.reflect.Method.invoke(Native Method)
at com.microsoft.intune.mam.InterProxy$InterInvocationHandler.invoke(InterProxy.java:88)
at java.lang.reflect.Proxy.invoke(Proxy.java:1006)
at $Proxy10.getPackageInfo(Unknown Source)
at com.microsoft.intune.mam.client.content.pm.MAMPackageManagement.getPackageInfo(MAMPackageManagement.java:228)
at com.microsoft.identity.common.internal.broker.BrokerValidator.readCertDataForBrokerApp(BrokerValidator.java:136)
at com.microsoft.identity.common.internal.broker.BrokerValidator.verifySignature(BrokerValidator.java:92)
at com.microsoft.aad.adal.BrokerProxy.verifyAuthenticator(BrokerProxy.java:967)
at com.microsoft.aad.adal.BrokerProxy.canSwitchToBroker(BrokerProxy.java:127)
at com.microsoft.aad.adal.BrokerProxy.verifyBrokerForSilentRequest(BrokerProxy.java:172)
at com.microsoft.aad.adal.AcquireTokenRequest.acquireTokenSilentFlow(AcquireTokenRequest.java:465)
at com.microsoft.aad.adal.AcquireTokenRequest.tryAcquireTokenSilent(AcquireTokenRequest.java:377)
at com.microsoft.aad.adal.AcquireTokenRequest.performAcquireTokenRequest(AcquireTokenRequest.java:356)
at com.microsoft.aad.adal.AcquireTokenRequest.access$200(AcquireTokenRequest.java:55)
at com.microsoft.aad.adal.AcquireTokenRequest$1.run(AcquireTokenRequest.java:129)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
V/BrokerProxy:canSwitchToBroker: [2021-06-07 09:18:27 - {uuid_omitted}] Broker auth is turned off or no valid broker is available on the device, cannot switch to broker. ver:1.16.3 Android 30
V/AcquireTokenRequest:tryAcquireTokenSilentLocally: [2021-06-07 09:18:27 - {uuid_omitted}] Try to silently get token from local cache. ver:1.16.3 Android 30
V/TokenCacheAccessor:getATFromCache: [2021-06-07 09:18:27 - {uuid_omitted}] No access token exists. ver:1.16.3 Android 30
V/AcquireTokenSilentHandler:getAccessToken: [2021-06-07 09:18:27 - {uuid_omitted}] No valid access token exists, try with refresh token. ver:1.16.3 Android 30
V/AcquireTokenSilentHandler:tryRT: [2021-06-07 09:18:27 - {uuid_omitted}] Regular token cache entry does not exist, try with MRRT. ver:1.16.3 Android 30
V/AcquireTokenSilentHandler:tryMRRT: [2021-06-07 09:18:28 - {uuid_omitted}] MRRT token does not exist, try with FRT ver:1.16.3 Android 30
V/AcquireTokenSilentHandler:tryFRT: [2021-06-07 09:18:28 - {uuid_omitted}] FRT cache item does not exist, fall back to try MRRT. ver:1.16.3 Android 30
V/AcquireTokenSilentHandler:useMRRT: [2021-06-07 09:18:28 - {uuid_omitted}] Send request to use MRRT for new AT. ver:1.16.3 Android 30
V/AcquireTokenSilentHandler:useMRRT: [2021-06-07 09:18:28 - {uuid_omitted}] MRRT does not exist, cannot proceed with MRRT for new AT. ver:1.16.3 Android 30
E/AcquireTokenRequest:tryAcquireTokenSilent: [2021-06-07 09:18:28 - {uuid_omitted}] AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED:Prompt is not allowed and failed to get token. No result returned from acquireTokenSilent ver:1.16.3 Android 30
V/BrokerProxy: [2021-06-07 09:18:28 - {uuid_omitted}] Device runs on 23 and above, skip the check for 22 and below. ver:1.16.3 Android 30
V/CacheKeyValueDelegate: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Init: CacheKeyValueDelegate Android 30
V/SharedPreferencesFileManager: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Init with storage helper: SharedPreferencesFileManager Android 30
V/SharedPreferencesAccountCredentialCache: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Init: SharedPreferencesAccountCredentialCache Android 30
V/MsalOAuth2TokenCache: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Init: MsalOAuth2TokenCache Android 30
V/ADALOAuth2TokenCache: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Init: ADALOAuth2TokenCache Android 30
I/ADALOAuth2TokenCache: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Context is an Application? [true] Android 30
V/ADALOAuth2TokenCache: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Validating secret key settings. Android 30
V/ADALOAuth2TokenCache: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Initializing SharedPreferencesFileManager Android 30
V/SharedPreferencesFileManager: [2021-06-07 09:18:28 - {"thread_id":"6968","correlation_id":"UNSET"}] Init with storage helper: SharedPreferencesFileManager Android 30
V/AcquireTokenRequest:acquireToken: [2021-06-07 09:18:28 - {uuid_omitted}] Sending async task from thread:5931 ver:1.16.3 Android 30
V/AcquireTokenRequest:acquireToken: [2021-06-07 09:18:28 - {uuid_omitted}] Running task in thread:5938 ver:1.16.3 Android 30
E/BrokerValidator:verifySignature: [2021-06-07 09:18:28 - {"thread_id":"6972","correlation_id":"{uuid_omitted}"}] Broker related package does not exist Android 30

I referenced this issue in two issues I found filed in the MSAL library. The issues seem either similar or identical and could indicate an issue with Company Portal rather than either of these authentication libraries.

@ghtaylor Thanks for reporting the issue, we are taking a look. Seems like it was working properly on 5.0.5155.0 and then started happening on 5.0.5164.0 so possibly a regression there. I will look at the delta between the two versions and then see what I can conclude from that.

Can you provide an update to this issue? We are facing this issue on Android 11 devices.

I managed to fix this issue last week. I hope this helps you and others.

The issue affects both MSAL and ADAL and is related to changes to Package Visibility with Android 11. You must add the following code to your manifest file. I also found that I needed at least gradle plugin version 3.5.4; we were experiencing build errors with 3.5.3.

<manifest ...>
    ...
    <queries>
        <package android:name="com.azure.authenticator" />
        <package android:name="com.microsoft.windowsintune.companyportal" />
    </queries>
    ...
    <application ...>
    ...
</manifest>

See the below links for extra information:

https://stackoverflow.com/questions/62345805/namenotfoundexception-when-calling-getpackageinfo-on-android-11
https://developer.android.com/about/versions/11/privacy/package-visibility
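
A build-time check for the fix described in the comment above, as an added example that is not part of the original thread or of the ADAL/MSAL code: it reports which broker packages a merged AndroidManifest.xml fails to declare under `<queries>`, and pulls the hidden package name out of a `NameNotFoundException` log line. The sample manifests, the `com.example.app` package name and all function names are constructed for illustration; the API 30 threshold is the one given in the Android package-visibility documentation linked above.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Broker packages named in the fix above.
BROKER_PACKAGES = ("com.azure.authenticator",
                   "com.microsoft.windowsintune.companyportal")

def declared_queries(manifest_xml):
    """Package names declared in <queries> directly under <manifest>."""
    root = ET.fromstring(manifest_xml)
    # Only a manifest-level <queries> counts; one nested in <application> is ignored.
    return {p.get(ANDROID_NS + "name")
            for q in root.findall("queries")
            for p in q.findall("package")}

def target_sdk(manifest_xml):
    """targetSdkVersion from <uses-sdk> (present in a merged manifest), else 0."""
    sdk = ET.fromstring(manifest_xml).find("uses-sdk")
    return int(sdk.get(ANDROID_NS + "targetSdkVersion", "0")) if sdk is not None else 0

def missing_broker_queries(manifest_xml):
    """Broker packages the app cannot see under Android 11 package visibility."""
    if target_sdk(manifest_xml) < 30:  # filtering applies when targeting API 30+
        return []
    declared = declared_queries(manifest_xml)
    return [p for p in BROKER_PACKAGES if p not in declared]

def hidden_packages_in_log(log):
    """Package names from NameNotFoundException lines, as in the trace above."""
    return set(re.findall(r"PackageManager\$NameNotFoundException: ([\w.]+)", log))

# Constructed merged-manifest samples (assumptions, not taken from the issue).
HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        'package="com.example.app"><uses-sdk android:targetSdkVersion="30"/>')
BEFORE = HEAD + '<application/></manifest>'
AFTER = HEAD + ('<queries><package android:name="com.azure.authenticator"/>'
                '<package android:name="com.microsoft.windowsintune.companyportal"/>'
                '</queries><application/></manifest>')
# Exception line as it appears in the logs above.
LOG = "android.content.pm.PackageManager$NameNotFoundException: com.azure.authenticator"

if __name__ == "__main__":
    print("before fix:", missing_broker_queries(BEFORE))
    print("after fix: ", missing_broker_queries(AFTER))
    print("hidden in log:", hidden_packages_in_log(LOG))
```

Run it against the merged manifest produced by the build rather than the source manifest, since `targetSdkVersion` is normally set in Gradle and only appears in `<uses-sdk>` after manifest merging.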

@shahzaibj I was going to close this issue, but I actually think it's important this information is added to documentation wherever broker implementation is mentioned. It also applies to MSAL, not just ADAL. Could you please confirm that MS will update documentation?