microsoftconnect/intune-app-wrapping-tool-ios

Wrapped iOS app using custom AAD client not working

Closed this issue · 17 comments

We have an in-house iOS app that uses a custom Azure AD client app to authenticate. The AAD client app is configured for MSAL. It has Graph and MAM API delegates. The app on its own can successfully connect and authenticate using the AAD client app.

Next we wrap the app using the Intune App wrapping tool for iOS (version 12.7.0) and specify the AAD client id and related parameters using -aa, -ac and -ar options. Ref: https://docs.microsoft.com/en-us/mem/intune/developer/app-wrapper-prepare-ios

When the wrapped app is launched, we get a Sign In popup - "To protect its data, your organization needs to manage this app. To complete this action, sign in with your work or school account." and then a white screen. The app is unable to connect to Azure and keeps spinning on the white screen.

Any idea what's going on? All help is appreciated.

Thanks,

Hi @PushpitaPawar - question: When you open the "Frameworks" directory inside of the app bundle, do you see both ADAL.framework and MSAL.framework?

Hi @Kyle-Reis,

Yes, I do see both the frameworks. There are 3 in total: ADAL.framework, MSAL.framework and IntuneMAM.framework. Guess the presence of ADAL.framework is causing the conflict. How do I get rid of it? The pre-wrapped IPA has only MSAL.framework. The other 2 are added by the IntuneWrapper SDK.

Thanks,
Pushpita
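The framework check discussed above can be run against an IPA without unpacking it by hand. This is an added example, not code from the thread or from the wrapping tool; it assumes the standard `Payload/<App>.app/Frameworks/` layout, and `make_sample_ipa` and `Sample.app` are hypothetical names used to build constructed test archives.

```python
import io
import zipfile
from pathlib import PurePosixPath

# The two authentication libraries whose coexistence is discussed in this issue.
AUTH_FRAMEWORKS = {"ADAL.framework", "MSAL.framework"}


def bundled_frameworks(ipa):
    """Return the framework names found under Payload/<App>.app/Frameworks/."""
    found = set()
    with zipfile.ZipFile(ipa) as zf:
        for name in zf.namelist():
            parts = PurePosixPath(name).parts
            # Expected layout: Payload/<App>.app/Frameworks/<Name>.framework/...
            if (len(parts) >= 4 and parts[0] == "Payload"
                    and parts[1].endswith(".app")
                    and parts[2] == "Frameworks"
                    and parts[3].endswith(".framework")):
                found.add(parts[3])
    return found


def auth_library_conflict(ipa):
    """True when both ADAL.framework and MSAL.framework ship in one bundle."""
    return AUTH_FRAMEWORKS <= bundled_frameworks(ipa)


def make_sample_ipa(frameworks):
    """Build a constructed in-memory IPA holding only empty placeholder files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Sample.app/Info.plist", b"")
        for fw in frameworks:
            binary = fw.rsplit(".", 1)[0]
            zf.writestr(f"Payload/Sample.app/Frameworks/{fw}/{binary}", b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed inputs mirroring the pre-wrapped and wrapped bundles described above.
    pre_wrapped = make_sample_ipa(["MSAL.framework"])
    wrapped = make_sample_ipa(
        ["ADAL.framework", "MSAL.framework", "IntuneMAM.framework"])
    for label, ipa in (("pre-wrapped", pre_wrapped), ("wrapped", wrapped)):
        print(label, sorted(bundled_frameworks(ipa)), auth_library_conflict(ipa))
```

Both functions also accept a path to a real `.ipa` file in place of the in-memory archive.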

@PushpitaPawar, we will need to make a fix on our end to check for the existence of MSAL and not inject the ADAL framework in this scenario. In the meantime, one thing you could try is to remove the ADAL framework from the bundle and re-sign using the codesign command.

@Kyle-Reis, thanks. I will try to re-sign after removing the ADAL framework. Will keep you posted. Do you have a timeline for the fix in the SDK?

Thanks,
Pushpita

@Kyle-Reis, the re-signing after removing the ADAL framework did not work. Do you have a new version with the fix for MSAL? We need the fix urgently. This is a production app affecting a couple of thousand users and the delay is getting difficult to manage. Please prioritize this fix.

Thanks,
Pushpita

Hey @PushpitaPawar, may I ask why you are trying to wrap this app instead of integrating the SDK and calling registerAndEnrollAccount to silently enroll in MAM after the app has authenticated?

@Kyle-Reis, this is how we were told, a few years back by Microsoft Support, to wrap apps so that the apps are managed by Intune. In fact, I had worked with Aasawari Navathe at that time. Are you saying we should not use the app wrapping tool anymore? This is a Cordova/Ionic app. I do not see an SDK for Cordova.

@PushpitaPawar, that makes sense. I was under the impression that this was a native Objective-C/Swift app. How does the app integrate MSAL? Did you develop a Cordova plugin for the native MSAL SDK?

@Kyle-Reis, app uses cordova-plugin-msal and connects to client app in our AAD tenant.

Hi @PushpitaPawar, which version of MSAL is your app linking to?

@Kyle-Reis, App is using cordova-plugin-msal, version 2.5.0; @azure/msal-angular, version 1.0.0 and msal 1.3.3

@PushpitaPawar, does your app have these schemes listed under LSApplicationQueriesSchemes in its Info.plist?

@Kyle-Reis, yes, both schemes are present under LSApplicationQueriesSchemes in its Info.plist.

Hey @Kyle-Reis, how is the MSAL integration coming along? If you have a test version ready, I can help test it.
Thanks, Pushpita

Hi @PushpitaPawar - checking in to see if your issue has been resolved?

Closing this issue due to inactivity. Feel free to open again if issue persists.