search

microsoftconnect / intune-app-wrapping-tool-ios

This is the software for the Intune App Wrapping Tool for iOS.
54 stars 12 forks source link

First time login fails on wrapping with Wrapping Tool v19.4.0 #118

Open Akaps316 opened 2 months ago

Akaps316 commented 2 months ago

Describe the bug: We updated our Intune app to use the latest version of the Intune Wrapping Tool(19.4.0) However, we noticed an issue after upgrading, as follows:

To Reproduce Steps to reproduce the behavior:

  1. Make sure that you do not have Microsoft Authenticator on your iOS device.
  2. Install Seclore for Intune, you will be prompted to login
  3. Login will redirect you to install and use Microsoft Authenticator
  4. Authenticator will redirect you to Seclore for Intune again, where you will be shown the following error: "The operation could not be completed. MSALErrorDomain error -50000"

Expected behavior: We expected login to happen successfully

Screenshots and logs:

image (1)

IntuneMAMDiagnosticFiles.txt

Smartphone (please complete the following information):

Intune app wrapping tool (please complete the following information): Using Wrapper version 19.4 App is based in Objective-C Happening on all devices, not limited to a particular device

Additional context: Issue is not observed with Intune App Wrapping Tool version 19.1, however it is observed with all versions after that, including the latest (19.4).

ChismanRaheem commented 2 months ago

HI @Akaps316 This is typically an issue with the configuration for MSAL, please provide the command line parameters that was used so that we can understand how the application is being wrapped, if your application is integrated with msal please ensure you are using the latest version. ref: https://learn.microsoft.com/en-us/mem/intune/developer/app-wrapper-prepare-ios#command-line-parameters

Also check with you AAD team and ensure that the App Registration settings are aligned with our public documentation and that the app has the redirect url and access to the Intune MaM Service. ref: https://learn.microsoft.com/en-us/mem/intune/developer/app-wrapper-prepare-ios#register-your-app-with-microsoft-entra-id

Akaps316 commented 2 months ago

Hi @ChismanRaheem , The command line parameters are as follows: IntuneMAMPackager -i InputPath -o OutputPath -p ProvisioningProfile -c “SHA1 Hash” -ar ClientID -ac ReplyURI -v true

The settings are also good to go.

A thing to note here is, this is an issue that only comes when authenticating for the very first time after installing Microsoft Authenticator, and does not reoccur. If the app settings/wrapping method was wrong, the issue would be persistent, in my opinion. Similarly, the issue has only popped up from Wrapping Tool v19.2 onwards, and isn't visible on earlier versions.

Akaps316 commented 3 weeks ago

Hi @ChismanRaheem @wangxiaoms Any updates on this?