citrix / citrix-mam-sdks

The MAM SDK instruments your apps to enable enforcing policies and controls that are configured in Citrix Endpoint Management.
https://developer.cloud.com/citrixworkspace/mobile-application-integration

Mam SDK does not work with Microsoft Authenticator #67

Open shafersystems opened 2 years ago

shafersystems commented 2 years ago

When using the MSAL library for authentication and the user has Microsoft Authenticator installed, the Authenticator app is blocked from returning the token to the calling application. This is true even if +msauth.your.application.bundle is added to the list of allowed URL schemes in the application MDX policies.

jaspreetsingh-citrix commented 2 years ago

Hi Joel, Back in April, Chetan mentioned this issue and I believe I suggested the exact URL scheme used by the MSAuth app to return to the app, to be added to the "App URL schemes" policy, which it seems (+msauth.your.application.bundle) was already added. Is it possible to share the logs at the higher log level (maybe 10) to triage further?

shafersystems commented 2 years ago

Hi Jaspreet,

Yes, we are using the allowed App URL schemes in our policy with the following setting: +msauth.com.shafersystems.notate.worx,+msauth.com.shafersystems.notate.worx://auth,+citrixreceiverfd,+citrixreceiverfd://

Our customers started reporting this error as well, which is why we ended up disabling Microsoft Authenticator. How do I go about getting the logging that you are requesting?

Thanks, Joel

Joel Shafer | Founder and CEO | Notate by Shafer Systems | +1 707-742-3375 office/cell


jaspreetsingh-citrix commented 2 years ago

Hi @shafersystems.

To collect logs,

  1. Open SecureHub -> Help -> Report Issue -> (Select your app).

  2. This would flip to your app briefly and return to SecureHub. SecureHub would show a draft mail compose view.

  3. Don't type in anything just yet; scroll down to open Advanced log settings.

     3.a. Check what the Log Level is set to. By default, if the log policies were not changed on the CEM server for the app, it should be set to "Info Messages (4)", but change it to at least Level 10.

     3.b. If the user wants to send the logs through SecureMail (if installed), then keep the last option, "Send using Citrix SecureMail", enabled, or else disable it.

  4. If 3.a. was not changed, skip to Step 5; or else, if 3.a. was changed:

     4.a. On going back to the draft Report Issue mail compose view, you would be asked to reproduce the issue. Clicking on the Go to button would flip to the app, and there you can reproduce the issue again, which would now start logging with a higher log level.

     4.b. Once reproduced, repeat Steps 1, 2, and 5.

  5. Once back in the Report Issue draft mail compose view, click on Send; this would produce the native mail compose view or would flip to SecureMail. This should include a zipped support bundle with the required logs.

shafersystems commented 2 years ago

Hi Jaspreet,

SecureHub is stuck with the spinner, so there is no access to the menus. If I kill the app and restart it, then it briefly flashes (the U/I of the app is never shown), and then an Android message appears at the top of the screen that says “wiping work profile” and then the app and work profile are gone.

As such, I don’t know how to get you logs. Am I missing something?

Thanks, Joel

Joel Shafer | Founder and CEO | Notate by Shafer Systems | +1 707-742-3375 office/cell


jaspreetsingh-citrix commented 2 years ago

Android?

jaspreetsingh-citrix commented 2 years ago

Hi @shafersystems, I suppose I wasn't clear earlier. Do you see this issue on iOS or Android?

shafersystems commented 2 years ago

Hi @jaspreet1, we see this on Android.