Failed to save ADAL cache record after incorporating intune SDK into Xamarin iOS #1625
Comments
@amt-work Are you using |
@jennyf19 Yes, I'm setting it like this: authContext.iOSKeychainSecurityGroup = "com.microsoft.adalcache"; in my entitlements file I have $(AppIdentifierPrefix)com.microsoft.adalcache |
@amt-work Thanks for confirming. cc: @Kyle-Reis |
@jennyf19 The logs look like when I do the first authContext.AcquireTokenAsync(...): AdalLoggerBase.cs: Looking up cache for a token... Then when I call authContext.AcquireTokenSilentAsync(...) I get this: I'm not sure what the intune incident ID is and I can't post my code because it's private. |
@amt-work any chance you can enable pii and send me those logs via email? or, if you can tell me the SecStatusCode coming back from "Failed to save adal cache record:" that would be helpful. [email protected] |
@jennyf19 I'm not sure how to retrieve the SecStatusCode. What I posted is all the logs returned back to me. |
@amt-work Sorry it wasn't clear, if you enable pii logs, you will get back the SecStatusCode as part of the error message. |
@jennyf19 I put this feature on hold temporarily so I haven't had a chance to look at it since then. |
@amt-work can you please check with the latest version. We think it's fixed |
@jmprieur latest version of ADAL package or latest version of intune SDK? |
@amt-work : sorry, I was not clear. Of ADAL. |
@jmprieur I actually still have this issue, even after updating my ADAL version and the intune SDK version. For reference, the pii logs state: AdalLoggerBase.cs: Failed to save adal cache record: MissingEntitlement. I'm unsure what entitlement it's referring to specifically. I haven't touched this since July but it's the same issue I was having then. |
@jennyf19 My entitlements.plist file contains this:
And my iOSKeychainSecurityGroup looks like this:
|
But does the build have it set to use the entitlement file? I would run
the InTune build tool to validate setup of info.plist and entitlement.plist
file.
Aaron via mobile
On Fri, Nov 15, 2019 at 3:15 PM amt-work ***@***.***> wrote:
@jennyf19 <https://github.com/jennyf19> My entitlements.plist file
contains this:
keychain-access-groups
$(AppIdentifierPrefix)temp.company.name
$(AppIdentifierPrefix)com.microsoft.adalcache
$(AppIdentifierPrefix)com.microsoft.azureauthenticator
$(AppIdentifierPrefix)com.azure.authenticator
$(AppIdentifierPrefix)com.microsoft.intune.mam
And my iOSKeychainSecurityGroup looks like this:
var authContext = new AuthenticationContext(authority);
authContext.iOSKeychainSecurityGroup = "com.microsoft.adalcache";
--
-Aaron
|
@amt-work did you make sure it's also configured here: Can you provide logs? you can send them via email if that is easier ([email protected]) |
thanks @biozal |
https://docs.microsoft.com/en-us/intune/developer/app-sdk-ios#how-the-intune-app-sdk-works
Check step 7 of the directions - it explains the command and syntax. The
tool is usually included in the nuget cache directory of wherever you
have your nuget packages stored on your Mac. I usually enable verbose
logging in iOS using -v -v -v -v under Additional mtouch arguments for iOS
Build for that project and then search for IntuneMAMConfigurator in the
build logs.
Also per the best practices document on the ADAL wiki your code should look
something like this when setting up your Auth Context:
    var authContext = new AuthenticationContext(endpoint.Authority)
    {
        // fixes for security groups in iOS per
        // https://aka.ms/adal-net-ios-keychain-access
    #if __IOS__
        iOSKeychainSecurityGroup = "com.microsoft.adalcache"
    #endif
    };
If I don't set the property like this - things don't work right in iOS.
…-Aaron
On Mon, Nov 18, 2019 at 8:42 AM amt-work ***@***.***> wrote:
@biozal <https://github.com/biozal> @jennyf19
<https://github.com/jennyf19> yeah I do have my entitlements file
selected, where is the intune build tool located?
--
-Aaron
|
Actually, with the latest version of the Intune Xamarin.iOS bindings (12.0.12), setting the iOSKeychainSecurityGroup property should no longer be required. |
The IntuneMAMConfigurator should be getting run at build time automatically, and if there is no entitlements file associated with the configuration you’re building, it should result in a build error. Does your project contain multiple entitlements files specific to config (debug/release) or target (simulator/device)? If so could you ensure the entitlements file for the specific configuration you’re building contains the required keychain access groups? |
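The per-configuration check asked for above can be scripted. This is an added example, not code from the thread, ADAL, or the Intune SDK: it parses each configuration's entitlements plist and reports whether the value assigned to iOSKeychainSecurityGroup is declared under keychain-access-groups with the $(AppIdentifierPrefix) prefix. The group names come from the thread; the "Release" file, the plist wrapper, and the function names are constructed for illustration.

```python
import plistlib

PREFIX = "$(AppIdentifierPrefix)"

def make_plist(groups):
    # Helper for the constructed samples: wrap group strings in plist XML.
    items = "".join(f"<string>{g}</string>" for g in groups)
    return ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            f"<key>keychain-access-groups</key><array>{items}</array>"
            "</dict></plist>").encode()

# Constructed samples. "Debug" carries the groups quoted in the thread;
# "Release" is a hypothetical second file whose ADAL entry lacks the prefix.
ENTITLEMENTS = {
    "Debug": make_plist([PREFIX + g for g in (
        "temp.company.name", "com.microsoft.adalcache",
        "com.microsoft.azureauthenticator", "com.azure.authenticator",
        "com.microsoft.intune.mam")]),
    "Release": make_plist([PREFIX + "temp.company.name",
                           "com.microsoft.adalcache"]),
}

def check_group(plist_bytes, security_group):
    """Return None if the group is declared correctly, else a reason string."""
    declared = plistlib.loads(plist_bytes).get("keychain-access-groups")
    if not isinstance(declared, list) or not declared:
        return "no keychain-access-groups array"
    if PREFIX + security_group in declared:
        return None
    if security_group in declared:
        return f"'{security_group}' declared without {PREFIX}"
    return f"'{security_group}' not declared"

def audit(entitlements, security_group):
    """Check every build configuration's entitlements file for the group."""
    return {cfg: check_group(data, security_group)
            for cfg, data in entitlements.items()}

if __name__ == "__main__":
    # Both values of iOSKeychainSecurityGroup that appear in the thread.
    for group in ("com.microsoft.adalcache", "com.microsoft.msalrocks"):
        for cfg, problem in audit(ENTITLEMENTS, group).items():
            print(f"{group:26} {cfg:8} {problem or 'ok'}")
```

Run against the real files, replace the constructed samples with the bytes of each configuration's entitlements plist.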
@Kyle-Reis @biozal Thanks for the updates. fyi: @amt-work |
@Kyle-Reis @biozal @jennyf19 I only have 1 entitlements file for all my configurations. I don't use a custom entitlements file usually, only for this. I also just ran the intunemamconfigurator tool with my plist and entitlements file, my files didn't get changed at all and I got the "Success!!!" result. |
Which version of ADAL are you using?
ADAL 5.1.0, intune SDK 11.0.8
Which platform has the issue?
Xamarin iOS
What authentication flow has the issue?
(iOS is using broker)
Is this a new or existing app?
The app is in production, and I have upgraded to a new version of ADAL and attempted to add in the intune SDK.
Repro
Similar issue: #1601
Similar issue: #1611
The issue is occurring when I am attempting to add the intune SDK to an existing application that has ADAL incorporated into it. When adding the line: authContext.iOSKeychainSecurityGroup = "com.microsoft.msalrocks" my app is no longer able to cache tokens. Removing this line allows it to do so, however this line seems to be needed in order to make the intune SDK work correctly. I am logging in with username and password, not using authenticator.
Expected behavior
App should store the token in the cache
Actual behavior
App is not storing the token in the cache. The call to authContext.AcquireTokenAsync(...) is returning a token but not caching it, returning the result "Failed to save adal cache record".