microsoftconnect/intune-app-wrapping-tool-ios

App getting crashed due to Intune Mam Shift Error after redirected to app.

Opened this issue · 4 comments

sabaricod commented

@Kyle-Reis or any other who could look into this, please guide us as it is business critical.

Technology: React Native
XCode Version:15.1,
Project Xcode Version:14
IOS Tool version Used: 17.7.6

Expected Behaviour:

App should launch and when the authentication is successful , it should redirect to the dashboard.

Behaviour Exhibited:
App is launched, upon successful authentication , no redirect happens and pushed out of app and this is the log we receive from sentry , IntuneMAMSwiftError refer below

im

Steps we follow:

  1. App built using xcode
  2. App being wrapped with IOS Wrapping Tool after the implementation of below steps
  3. Azure app registration
  4. Add the custom redirect URL to your app settings (i.e: add the bundle id in this format msauth.com.adib.acemobile)
  5. To add Keychain group should be com.microsoft.adalcache on iOS
  6. To wrap the app with IOS Wrapping tool along with parameter -aa,-ac,-ar without double quotes.(This is command we use (Volumes/IntuneMAMAppPackager\ 1/IntuneMAMPackager/Contents/MacOS/IntuneMAMPackager -i /Users/sabari/ACE_MOBILE\ 2024-03-12\ 17-07-16/ACE_MOBILE.ipa -o /Users/sabari/NEW/FRESHACE.ipa -p /Users/sabari/Downloads/adibtest.mobileprovision -c "A4 8A D7 C7 99 C4 BD C7 57 D3 BC 44 D1 D5 CC A2 BD 22 69 35" -aa https://login.microsoftonline.com/ff49c438-c469-4c10-96f6-61f54df41c9b -ac 8b6db35c-bc49-4a15-9633-ff42bd029e32 -ar msauth.com.adib.acemobile://auth/ -v true)
  7. Wrapping is successful and deployed
  8. App being deployed with App Protection Policies in intunes.

All these steps are being referred from https://learn.microsoft.com/en-us/mem/intune/developer/app-wrapper-prepare-ios#general-prerequisites-for-the-app-wrapping-tool and followed exactly ,please let us know if we have to do something else to make it work.

sabaricod commented

It is something business critical, any help would be appreciated and also please clarify that do we have to follow the steps below configuring MSAL, the one in this image for IOS

reference link:https://github.com/AzureAD/microsoft-authentication-library-for-objc#configuring-msal

Screenshot 2024-03-15 at 6 21 18 PM
mukeshk-ms commented

@sabaricod You don't need to integrate MSAL in your app for app wrapping to work. Can you please try the following -

  • As mentioned here confirm the redirect URI configured for your app registration on Azure/ Entra Id is "msauth.com.adib.acemobile://auth" and not msauth.com.adib.acemobile
  • Update to the latest version of App Wrapping tool which is 19.2.0 and verify if the error persists
  • Does your app implements any additional user authentication ( Integrating with app wrapping tool will prompt user for authentication with Entra Id so I would like to verify if you have additional logic built-in the app for user authentication)
sabaricod commented

@mukeshk-ms , hi thanks for your suggestion. here is the following details to the above note.

  1. as mentioned , i can confirm the redirect uri is msauth.com.adib.acemobile://auth with platform ios
  2. let me update to new tool and check again, share the results
  3. no our app doesnt uses external authentication , it is implemented before but not one. before after successful authentication of azure we will make a call to oneconnect to retrieve token and make api calls with all these tokens for security reasons. but right now i can confirm no additional authentication is used other than azure.
sabaricod commented

@mukeshk-ms Tried with latest wrapping tool 19.2.0 still same error persists, anyway to check this out?