iOS AppConfigForIdentity don't has the config values
Totonti opened this issue · 33 comments
Hi,
In my Xamarin Forms iOS app I enrollment the user correctly but when I try to get the app config policy that I define in intune with the function: IntuneMAMAppConfigManager.Instance.AppConfigForIndentity don´t get anything in FullData.
But if I look into IntuneMAMPolicyManager.Instance in DiagnosticInformation I can see the config data. Can I use this to get the values?
Wich is the right method to get those data from the App Configuration Policy?
Do i missing something ?
Thank you
Hey @Totonti, the IntuneMAMAppConfig APIs would be the right way to check for app config settings. Could you share exactly how you are calling into AppConfigForIdentity? Are you sure you’re passing in the managed user’s UPN? Could you also share how you are querying FullData?
Hi @Kyle-Reis,
My code is:
string user = IntuneMAMEnrollmentManager.Instance.EnrolledAccount;
var stringValues = new Dictionary<string,string>();
var numberValues = new Dictionary<string,int>();
IntuneMAMAppConfig appConfig = IntuneMAMAppConfigManager.Instance.AppConfigForIndentity( user );
var fullData = appConfig.FullData;
foreach ( var i in fullData )
{
foreach ( NSString key in i.Keys )
{
var val=i.ValueForKey( key );
if ( val is NSString )
stringValues.Add( key, (string)(val as NSString));
else if ( val is NSNumber )
numberValues.Add( key, (int)(val as NSNumber));
}
}
In Debug I see the user name ok, but when I inspect the appConfig the FullData is empty.
it is very strange, when I do not perform the LoginAndEnrollAccount and the user is null, the function of AppConfigForIdentity (with the null user) returns the configuration values.
It may be that since it is a managed device and the app configuration policy is at the level of managed devices, enrollment is not necessary?
FYI @Totonti, I've moved this issue to the correct repository, in the future please file all issues for our Xamarin bindings here.
Enrollment is still required for managed devices in order to receive app protection policies and MAM app config.
Now that I know we are dealing with MDM app config in this scenario, I think I know what the issue is :) It sounds like you haven't configured the required IntuneMAMUPN setting in the MDM app config policy. That setting is what allows the Intune SDK to determine who the device-managed user is, and determine if we should include the MDM app config in the results when querying our APIs. This would explain why you see the app config entries when passing in a null value but not when passing in the enrolled account.
Thanks @Kyle-Reis,
So, what I should do is add an IntuneMAMUPM key with the value {{UserPrincipalName}}, along with the rest of the keys, to the app's configuration. and when the user registers with LoginAndEnrollAccount I can use the enrollment account to get the app config values.
Is that correct?
Yes.
Ok, thanks, tomorrow i will try it.
Hi @Kyle-Reis,
I've been testing, putting the value in IntuneMAMUPN and I can not get it to work.
The following error occurs:
Every time, the app asks me to introduce the user to register but it does not seem to get the enrollment.
Hi again @Kyle-Reis ,
I have continued testing to see if I saw the problem, I verified that with a managed app the LoginAndEnrollment works well and the AppConfigForIndentity function with the registered user correctly retrieves the values of the configuration policy of the app ( without the key IntuneMAMUPN in the policy). Although I see the same error that in the previous comment .
The difference is that the first app is a VPP app that I have published in the apple store.
I'm doing the tests for the client, to show how Intune works and when I try to debug the app, I don't see the login window, the "checking yours organization data access" warning comes up for a moment and then nothing else. Could it be that when debugging something is not right?
Thank you so much for your attention
Hi @Kyle-Reis,
I have continued to perform tests. What I have found is that for the B2B app purchased in VPP, no app protection policy was assigned, but if I want to create one, it does not appear in the list of apps. If I click on "+ more apps" and put the bundleId of the app and assign a policy and debugging, the app works well: it performs the user registration and collects the configuration data.
Is this the correct way for this type of app?
Thank you
Hey @Totonti, that is the typical approach for custom line-of-business apps. But for public App Store apps that are made available for any customer to use, developers can submit a request to make the app available in the list of targetable apps.
Hi @Kyle-Reis ,
then it is correct since my app is a custom app that I have published in the app store but only for certain B2B clients, who are going to buy licenses through VPP and these clients are those who want to deploy the app through Intune, right?
Hi @Totonti how many separate clients using Intune would be using the app that you are building?
Hi @Kyle-Reis, i'm not sure, we develop an app to a client who is the one that offers the app to its own partners.
we are testing the entire process to show to our client how it could be done, and in turn, show it to their partners and they will decide how to deploy the app to their users.
hi again @Kyle-Reis ,
now we have a problem with the version of the library Microsoft.Intune.MAM.Xamarin.iOS.
if we use the last one : 10.0.7 it works ok but when we publish in App Center the app crash without error.
And when we use the version 8.1.1.2 when doing the loginandenrollment it remains in the first screen (searching organization data access )and don´t show the login page. And we must close the app, and then if restart the app try to get the configuration policy and don´t get nothing. in the debug screen i see this:
Can you help us, please?
Hey @Totonti, the issue you're describing in 8.1.1.2 is a known bug that we fixed in 10.0.7. I'm not sure what might be causing the crash that you see when deploying via AppCenter. Is the app signed properly for distribution? Are you able to connect the debugger or could you share crash logs?
Thank you @Kyle-Reis, I'm going to try to publish in App Center again with the 10.0.7 and get the logs.
We sign the app in ad-hoc , with a group of devices. is that correct?
Hi @Kyle-Reis ,
Apple has rejected the app, has sent us the log file. I attach it to see if you can see something.
They say that: "We were unable to review your app as it crashed on launch."
If we can not publish it with the latest version of the library, we will not be able to implement it in Intune as we wanted.
attachment-22441737030596131011459262051.console.log
Thank you
Hey @Totonti, are you able to reproduce the crash locally? Can you attach a debugger? The log file only contains the following statement repeated several times, and it doesn't appear to be related to Intune:
error 15:38:05.552801 -0700 aclara_meters.iOS API MISUSE: has no restore identifier but the delegate implements the centralManager:willRestoreState: method. Restoring will not be supported
Hi @Kyle-Reis , locally the app works ok. I can not reproduce the crash. In App Center and App store the app crash but in TestFlight it works.
I will try to get the log file from the device console when it crash.
Thank you
Hi @Kyle-Reis ,
I attach the log file from device console. I hope you can see something.
the app is com.aclara.mtu.programmer
Thank you
Log_Xcode_Console-AppCenter_Mam_10.zip
Hi @Kyle-Reis ,
Have you had an opportunity to see the log that I sent you?
It is important for us since we can not publish the app with the version 10.0.7 of the library and with the previous version the enrollment does not work.
Thank you
Hey @Totonti, I just noticed this comment - "We sign the app in ad-hoc , with a group of devices. is that correct?" Ad Hoc will only allow the app to be run on designated devices. This may explain why you've been unable to reproduce the issue. You should choose "App Store" when signing the archive.
Hi @Kyle-Reis ,
we publish the app in the app store connect signing it with "App Store" and it was rejected because tha app crashes at launch. But the same app with the version of MAM 8.1.1.2 is accepted, published and works ok. So i think it is not the signing of the app.
It is also very strange that the installation from testflight works.
Thank you
Hi @Kyle-Reis, I have tried the new version and the same thing happens. I have published it in AppStore and they have rejected it because it crashes when it is launched.
although I do not understand why if I install it from TestFlight it works.
It also fails if I upload it to the App Center.
thank you
Hey @Totonti, in the AppCenter case, does it crash on the same device used to test the TestFlight scenario?
hi @Kyle-Reis, yes, i use the same device in both cases.
Attach the console when I try to run the app:
thank you
Hi @Kyle-Reis ,
the answer of AppStore team is:
I think it doesn't make much sense what they say, since for TestFlight they have approved it.
I attach the log files
attachment-2948070407650225038aclara (4).log
Thank you
Hey @Totonti, were you able to get any further explanation on this? Is your app still getting rejected?
Hi @Kyle-Reis ,
We updated the sdk to version 11.8.13 and finally the apple store approved the application.
thank you very much