microsoftconnect/intune-app-wrapping-tool-ios

Certificate-based authentication with Azure AD for iOS does not work with wrapped builds initially

ryandegruyter opened this issue · 3 comments

Describe the bug:
When I enroll with Intune and install the wrapped build, I can never log in the first time.
I need to install the non-wrapped build first because it will show the following pop-up, which the wrapped build never triggers:

image

Once this popup has been approved, I can log in with a wrapped build.

Expected behaviour:
When I enrol for the first time, I expect a wrapped build to log in successfully, just like a non-wrapped build.

Smartphone (please complete the following information):
iOS 14.4.2
iPhone X

Intune app wrapping tool (please complete the following information):

  • What version of the wrapper are you using? Are you using the latest version?
    14.3.0

  • What platform is your app based in (Java, Xamarin based, Cordova, etc)?
    Cordova/Capacitor

  • Do you see a trend with it only being reproduced on a specific device?
    Happens on all iOS devices. Non-wrapped builds authenticate successfully, wrapped builds do not.

Additional context:
Add any other context about the problem here.

  • Intune managed iOS device
  • Authentication via MSAL
  • Certificate-based authentication

Hi @ryandegruyter,

Before you wrap your application, try adding a dictionary named IntuneMAMSettings to your application's Info.plist and add a boolean key named SafariViewControllerBlockedOverride with value YES.

Thanks,
Neil

Thank you @neiljac1, this works. Our MDM policy states all links should open in Edge, but this can act as a temporary solution.
Ideally, we would want our app to open Microsoft Authenticator, but brokered authentication does not seem to work in our case. It will always try to open a web browser instead of the Authenticator app. I have opened an issue in AzureAD/microsoft-authentication-library-for-objc#1292.

Hi @ryandegruyter,

I'm glad this fixed the issue for you. HTTP/HTTPS links will still open in Edge with this setting. However, if your application uses SFSafariViewController for other purposes, the data in the view will not be protected.

Thanks,
Neil
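
The Info.plist change suggested above, as an added example that is not part of the thread or of the wrapping tool: a pre-wrap build step that merges `SafariViewControllerBlockedOverride` into `IntuneMAMSettings` without dropping keys already there, plus a check a build audit can use to flag apps where the override is on (relevant to the SFSafariViewController caveat in the last reply). The function names, the sample plist and its `com.example.app` / `ADALClientId` values are constructed for illustration.

```python
import plistlib
from pathlib import Path

SETTINGS_DICT = "IntuneMAMSettings"
OVERRIDE_KEY = "SafariViewControllerBlockedOverride"

# Constructed sample Info.plist that already carries one IntuneMAMSettings entry.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.app</string>
  <key>IntuneMAMSettings</key><dict>
    <key>ADALClientId</key><string>00000000-0000-0000-0000-000000000000</string>
  </dict>
</dict></plist>"""


def set_override(info: dict, enabled: bool = True) -> dict:
    """Return a copy of the plist dict with the override set, keeping
    whatever IntuneMAMSettings keys are already present."""
    existing = info.get(SETTINGS_DICT, {})
    if not isinstance(existing, dict):
        raise TypeError(f"{SETTINGS_DICT} must be a dictionary")
    merged = dict(info)
    merged[SETTINGS_DICT] = {**existing, OVERRIDE_KEY: enabled}
    return merged


def override_enabled(info: dict) -> bool:
    """The reply asks for a boolean key, so this check accepts only a
    plist <true/>; a string such as "YES" is reported as not set."""
    settings = info.get(SETTINGS_DICT)
    return isinstance(settings, dict) and settings.get(OVERRIDE_KEY) is True


def patch_file(path: Path) -> bool:
    """Patch an Info.plist in place, preserving XML or binary format.
    Returns True if the file was changed, False if already set."""
    with path.open("rb") as fh:
        binary = fh.read(8) == b"bplist00"  # binary plist magic
        fh.seek(0)
        info = plistlib.load(fh)
    if override_enabled(info):
        return False
    fmt = plistlib.FMT_BINARY if binary else plistlib.FMT_XML
    with path.open("wb") as fh:
        plistlib.dump(set_override(info), fh, fmt=fmt)
    return True
```

Run `patch_file` on the app's Info.plist before the wrapping step; `override_enabled` can be run over built apps to list those that rely on the override.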