Authentication not working after wrapping IPA.
Closed this issue · 7 comments
Below error log I am getting from the diagnoses.
IntuneMAM: MAM611 Config file not found: Config.plist
IntuneMAM: MAM611 Is first launch
IntuneMAM: MAM611 Config file not found: NBUConfig.plist
IntuneMAM: MAM611 First launch resetting state or identity
IntuneMAM: MAM611 resetting state for identity: nil
IntuneMAM: CMARKeychainUtils: Keychain utils was accessed before app was fully initialized
IntuneMAM: MAMSharedCache: MAM611 No Device Primary User found in keychain: 1
IntuneMAM: MAMSharedCache: MAM611 Storing nil Device Primary Account ID in keychain.
IntuneMAM: MAMSharedCache: MAM611 Storing nil Device Primary Account ID in keychain.
IntuneMAM: CMARKeychainUtils: Keychain utils was accessed before app was fully initialized
IntuneMAM: MAMCacheManager: Could not find local cache item for user: (at)
IntuneMAM: Failed to instantiate MSALPublicClientApplication. Error: The operation couldn’t be completed. (MSALErrorDomain error -50000.)
IntuneMAM: Auto-enrollment failed. Result code from MAM Service Manager: 1
IntuneMAM: Failed to instantiate MSALAuthority
IntuneMAM: Failed to instantiate CMARADAuthenticationContext. Ensure the appropriate version of ADAL is included in the application
IntuneMAM: Login/Logout failed with error: Error Domain=com.microsoft.intunemam.authentication Code=3 "(null)" UserInfo={CMARScrubbedUserInfo=88888888}
IntuneMAM: MAMCacheManager: Could not find local cache item for user: (at)
IntuneMAM: Failed to instantiate MSALAuthority
IntuneMAM: Failed to instantiate CMARADAuthenticationContext. Ensure the appropriate version of ADAL is included in the application
IntuneMAM: Login/Logout failed with error: Error Domain=com.microsoft.intunemam.authentication Code=3 "(null)"
IntuneMAM: Failed to instantiate MSALAuthority
IntuneMAM: Failed to instantiate CMARADAuthenticationContext. Ensure the appropriate version of ADAL is included in the application
IntuneMAM: Login/Logout failed with error: Error Domain=com.microsoft.intunemam.authentication Code=3 "(null)"
IntuneMAM: CMARKeychainUtils: Keychain utils was accessed before app was fully initialized
IntuneMAM: MAMSharedCache: MAM611 No Device Primary User found in keychain: 1
IntuneMAM: MAMCacheManager: Could not find local cache item for user: (at)
IntuneMAM: Failed to instantiate MSALPublicClientApplication. Error: The operation couldn’t be completed. (MSALErrorDomain error -50000.)
IntuneMAM: CMARSensitiveDataScrubber: FORMAT MISMATCH! You are attempting to anonymize sensitive information that does not adhere to intended format. Scrubbing it to a generic anonymized string CMARScrubbed:
Xcode: 14
Ionic: 5
Checking in
Iphone 11 ios 16
@briny-hitesh What version of the wrapper are you using?
Intune Wrapping tool: 17.0.0
@briny-hitesh Would you be willing to share an unwrapped version of the app? That would help me to debug issues by trying to wrap the app on my end.
From the logs you shared, it looks like MSAL initialization is failing for some reason. Also, a full log would be helpful.
You can send these to vigavadi@microsoft.com
@briny-hitesh - did you manage to find a solution?
I am facing a similar issue where only some iOS users are not able to open our application. When they click in the installed application they get "Your AuthenticationContext is configured to allowed brokered authentication but your redirect URI is not setup properly...". It's a native application compiled for iOS14.0 or later and is wrapped using 17.0.
Our team checked the following:
• All requirements are met for the iOS LOB app deployment.
• App works correctly without the Intune wrapper.
• The following workaround works. Manually removing the user from the MS authenticator, opening another app to trigger app protection from intune portal and opening the app resolves the issue.
• Plist file correctly configured.
• We also tested the application using the latest released wrapper 17.1.1 and still the affected devices are facing the same issue.
@vas2086 By default brokered auth is not supported by wrapper. you need to configure your app correctly for that.
How are you wrapping the app? Do you have an active AAD registration? You need to add the -aa -ac -ar parameters as mentioned here: https://learn.microsoft.com/en-us/mem/intune/developer/app-wrapper-prepare-ios#command-line-parameters.
Once you do that, you need to follow the steps here:https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-get-started#give-your-app-access-to-the-intune-app-protection-service-optional
This is to give access to Intune resource for your app.