microsoftconnect / intune-app-wrapping-tool-ios

This is the software for the Intune App Wrapping Tool for iOS.
55 stars 12 forks source link

IntuneOpenInAction issue #62

Closed songmw90 closed 3 years ago

songmw90 commented 3 years ago

Steps to reproduce the action:

  1. During wrapping, the following message appears.

"WARNING: This application supports opening one or more file types, but does not have the appropriate entitlements to be supported with Intune APP. An additional provisioning profile needs to be specified using the -x command line argument. This profile must have a wildcard application-identifier or must have an application-identifier of '${PRODUCT_BUNDLE_IDENTIFIER}.IntuneOpenInAction' and must contain at least one application group which is shared with the main application. If this profile is not specified, other Intune APP enabled applications will not be able to send files to this application."

Intune App Wrapping Tool (Please fill in the following information): -What version of the wrapper are you using? Are you using the latest version? -> 14.3.5

Additional context: First, we are using the Apple Enterprise program Also, use the app using the inhouse provisioning profile.

I tried to use this tool to apply Intune to an in-house app, but I get the above warning. I tried to apply an additional provisioning profile that added "IntuneOpenInAction" to the Identifier using the -x parameter, but it does not work.

The command used is:

/Volumes/IntuneMAMAppPackager/IntuneMAMPackager/Contents/MacOS/IntuneMAMPackager -i {APP}.ipa -o {Out}.ipa -p profile.mobileprovision -x addtional_profile.mobileprovision -c "........" -v true -e

I tried using wildcards, but it didn't work, and I tried changing the app name itself to'$ {PRODUCT_BUNDLE_IDENTIFIER} .IntuneOpenInAction', but in that case It does not work properly, such as'$ {PRODUCT_BUNDLE_IDENTIFIER} .$ {PRODUCT_BUNDLE_IDENTIFIER}.IntuneOpenInAction'

In addition, we have a number of Apple accounts with different privileges. When the identifier is wildcarded, there was a phenomenon in which the Identifier was not listed when the Inhouse provisioning profile was created in certain accounts.

Is there any clear manual for Identifier? The docs on the official website are out of date and there is no mention of wildcard at all, so is IntuneOpenAction. We didn't even know if this condition was necessary before we turned the tool.

We built and tested Android using the wrapping tool, but we can't apply intune because of iOS. Before using this tool, is there any pre-processing process in the app? Or should I use the SDK?

Kyle-Reis commented 3 years ago

Hi @songmw90. Usage of the "-x" option is shown in the help text of the app wrapping tool: ./IntuneMAMPackager/Contents/MacOS/IntuneMAMPackager -i /Users/myadmin/Documents/MyExtensionApp.ipa -o /Users/myadmin/Documents/MyExtensionApp_Wrapped.ipa -p /Users/myadmin/Documents/My_ProvisioningProfile.mobileprovision -c "iPhone Developer: Developer Name (ABCXYZ1234)" -x \<array\>\<string\>/Users/myadmin/Documents/My_Share_Extension.mobileprovision\</string\>\<string\>/Users/myadmin/Documents/My_Document_Provider_Extension.mobileprovision\</string\>\</array\>

Generally, the "-x" option is used to specify a list of provisioning profiles used to sign any extensions the app might integrate. In most cases, it isn't needed.

Some apps (like yours) require that the Intune app wrapping tool inject a new action extension, so that the app can receive the file types which it supports from other Intune-managed applications. Because the new extension is being added in this case, the "-x" option needs to be specified with a list containing the new profile mentioned so that the extension can also be signed.

I think the issue here may be in how the additional provisioning profile is being provided to the "-x" option. Since that argument takes a list of provisioning profiles rather than just a single profile, the -x option in the command you shared should be formatted like this:

-x \<array\>\<string\>/Users/myadmin/Documents/My_Share_Extension.mobileprovision\</string\>\</array\>

Note: backslashes need to be used to escape the special terminal characters. It may be easier to just use a plist to specify all the arguments, and run the wrapping tool by running:

/Volumes/IntuneMAMAppPackager/IntuneMAMPackager/Contents/MacOS/IntuneMAMPackager -f [PATH_TO_INPUT_PLIST]

A sample argument plist file is included in the root of the mounted volume.

Hope this helps!

songmw90 commented 3 years ago

The issue seems to be resolved.

I couldn't figure out that the -x command should take the format even if it uses only one provision. Wrapping succeeded as I modified the format as the answer.

Thanks for the help