citrix / citrix-mam-sdks

The MAM SDK instrument your apps to enable enforcing policies and controls that are configured in Citrix Endpoint Management.
https://developer.cloud.com/citrixworkspace/mobile-application-integration
11 stars 4 forks source link

Secure Hub offline authentication issue #135

Closed r-jarvis closed 2 weeks ago

r-jarvis commented 3 months ago

We are using the Citrix iOS SDK and having a bit of trouble getting our app authenticated when the device is offline. From my understanding of the documentation, when authenticating while offline Secure Hub should seamlessly handle this as long as the “Max Offline Period” has not been reached. I’ve made sure that the value is set to the default (7 days) when building our MDX file.

When our app executes CTXMAMAppCore.performLogon() we are sent to Secure Hub and shown the message “Your internet access is not currently available. Please check your Internet connection before trying again.”

In our CTXMAMLocalAuthSdkDelegate conformance, we are not seeing any callbacks firing for any of the delegate methods.

Are there any additional steps we need to perform in order to get our app to successfully authenticate while offline? I can send any logs from the device or Secure Hub if that would help.

Environment: Xcode 15.4, iOS 17.5.1, Citrix iOS SDK 24.7.1

ShawnInTibco commented 2 months ago

Hi @r-jarvis Let me answer your question in short firstly: “Max Offline Period” means you needn't login on online via SecureHub in this period. In this period, offline challenge will be raised if inactive timer expired. Developer can't take the initiative to raise offline challenge .

What's more, CTXMAMAppCore.performLogon() is used to sign in to the Secure Hub. according the api doc. https://developer-docs.citrix.com/en-us/mobile-application-integration/mam-sdk-for-ios-and-ipads/ctxmamappcore-h

r-jarvis commented 2 months ago

@ShawnInTibco Thanks for the clarification. If I understand this correctly, are you saying that we do not need to perform CTXMAMAppCore.performLogon() when attempting to authenticate offline? The user has already been authenticated in their previous session, so as long as “Max Offline Period” has not expired, then we should be good to use the SDK?

ShawnInTibco commented 2 months ago

@r-jarvis yes. you do not need to perform CTXMAMAppCore.performLogon(). When “Max Offline Period” expires, this api will be triggered automatic. Before “Max Offline Period” expires, user will be challenged with "offline pin code" if "inactive timer" expires.

r-jarvis commented 4 weeks ago

@ShawnInTibco I'm still not able to get this working unfortunately. I've gone through the documentation and maybe there is something that I'm missing.

I've reworked my logic so that we only run CTXMAMAppCore.performLogon() on the first app launch (That works as expected). On subsequent launches, if I do not run CTXMAMAppCore.performLogon() I am unable to make external API calls (When the device is online).

I am calling CTXMAMCore.initializeSDKs() followed by calls to CTXMAMConfigManager.shared().getPolicyValue(forKey:) to retrieve policy values. Those values are coming back correctly, but once I try to make an API call I am shown an alert "Compliance Alert - Please install Secure Hub to use this app".

If I use the exact same setup and run CTXMAMAppCore.performLogon() on every app launch before making the API calls everything works as expected.

Any ideas on what could be going on?

ShawnInTibco commented 3 weeks ago

did you ever wrap the app file? https://developer-docs.citrix.com/en-us/mobile-application-integration/mam-sdk-for-ios-and-ipads/generate-and-update-an-mdx-file

configure the script to your xcode and you will get an .mdx file, if you can get the .mdx file, means you have done everything ok. @r-jarvis

r-jarvis commented 2 weeks ago

@ShawnInTibco I believe our .mdx file is working correctly as everything works as intended when we are running the code with CTXMAMAppCore.performLogon() on every launch. Are you suggesting that there is potentially a setting in there that could be misconfigured to cause this behavior?

r-jarvis commented 2 weeks ago

@ShawnInTibco After playing around with my app, I think I now have this resolved. My issue was caused by an OOO problem in our implementation. Thanks for your help.