microsoftconnect / ms-intune-app-sdk-ios

Intune App SDK for iOS enables data protection and mobile app management features in iOS mobile apps with Microsoft Intune

Intune SDK keychain error #417

Closed yanfenz closed 1 week ago

yanfenz commented 6 months ago

Hello,

After integrating Intune MAM into the iOS app, it is not working, and we found this error in the app's logs.

IntuneMAM: WARNING: App might display unpredictable behavior as protected group B5RVXC4CG6.com.microsoft.intune.mam is the first access group in keychain entitlements. Please fix this by making any other keychain group as the first access group in keychain entitlements.

We have already put the com.microsoft.intune.mam as the second keychain group. But it still shows this error.

Screenshot 2024-02-09 at 12 46 07 PM

Can anyone pls help on this? Thanks!

ChismanRaheem commented 6 months ago

Hi @yanfenz Thanks for reaching out. Within the entitlement file try adding your bundle id as the first string in the array.

```xml
<key>keychain-access-groups</key>
<array>
    <string>YOURBUNDLESEEDID.*</string>
</array>
```

yanfenz commented 6 months ago

Hi @ChismanRaheem

Please see the screenshot below of the entitlement file. We have already added our bundle ID (which I have struck through in red) as the first string in the array. But the error is still shown.

Screenshot 2024-04-01 at 8 27 26 PM

ChismanRaheem commented 6 months ago

@yanfenz Could you please supply the logs containing the complete error message? In some instances, this particular symptom may arise from a different underlying issue.

yanfenz commented 5 months ago

Hi @ChismanRaheem Please see the attached Intune logs. I have hidden the actual bundle ID with "****bundle-id****" in the logs. Intune logs.txt

ChismanRaheem commented 5 months ago

Hi @yanfenz, I have not been able to reproduce this issue. Please let me know if this occurs for every project and if you have a sample for my team and me to review.

yanfenz commented 5 months ago

Hi @ChismanRaheem We have only implemented the Intune MAM into one project. If it works, we will replicate it into other projects. But we have encountered this error and can't proceed. Is there any way that we can troubleshoot and what other information do you require to troubleshoot? Thanks!

ChismanRaheem commented 5 months ago

@yanfenz I appreciate the update. To further assist with the troubleshooting process, it would be beneficial if you could share a sample GitHub repository with us. Currently, I'm unable to replicate the problem, and it may prove challenging without the precise steps to recreate it. Additionally, I suggest you clone our sample code from the provided link and integrate your business logic to determine if the same issue arises, https://github.com/msintuneappsdk/Chatr-Sample-Intune-iOS-App.git

ChismanRaheem commented 5 months ago

Additional troubleshooting as requested: Please provide the codesign output of `codesign -d --entitlements - path_to_app`

Note: The codesign command will be used to display code signatures, as well as inquire into the dynamic status of signed code in the system.

```text
codesign -d [-v] [path|pid ...]
-d, --display
             Display information about the code at the path(s) given.
             Increasing levels of verbosity produce more output.  The format
             is designed to be moderately easy to parse by simple scripts
             while still making sense to human eyes.  In addition, the -r,
             --file-list, --extract-certificates, and --entitlements options
             can be used to retrieve additional information.
--entitlements path
             When signing, take the file at the given path and embed its
             contents in the signature as entitlement data. If the data at
             path does not already begin with a suitable binary ("blob")
             header, one is attached automatically.
             When displaying a signature, extract any entitlement data from
             the signature and write it to the path given. Use "-" to write to
             standard output.  By default, the binary "blob" header is
             returned intact; prefix the path with a colon ":" to
             automatically strip it off.  If the signature has no entitlement
             data, nothing is written (this is not an error).
```

yanfenz commented 5 months ago

> Additional troubleshooting as requested: Please provide the codesign output of `codesign -d --entitlements - path_to_app`
>
> Note: The codesign command will be used to display code signatures, as well as inquire into the dynamic status of signed code in the system.
>
> ```text
> codesign -d [-v] [path|pid ...]
> -d, --display
>              Display information about the code at the path(s) given.
>              Increasing levels of verbosity produce more output.  The format
>              is designed to be moderately easy to parse by simple scripts
>              while still making sense to human eyes.  In addition, the -r,
>              --file-list, --extract-certificates, and --entitlements options
>              can be used to retrieve additional information.
> --entitlements path
>              When signing, take the file at the given path and embed its
>              contents in the signature as entitlement data. If the data at
>              path does not already begin with a suitable binary ("blob")
>              header, one is attached automatically.
>              When displaying a signature, extract any entitlement data from
>              the signature and write it to the path given. Use "-" to write to
>              standard output.  By default, the binary "blob" header is
>              returned intact; prefix the path with a colon ":" to
>              automatically strip it off.  If the signature has no entitlement
>              data, nothing is written (this is not an error).
> ```

Hi @ChismanRaheem this is the output:

```text
Executable=/Users/venpep/Library/Developer/CoreSimulator/Devices/A103C039-774A-43D2-8C31-1EDDE6FEE679/data/Containers/Bundle/Application/6A7DDB19-04D3-42EF-A081-B25CD1618B24/BoardVision.app/BoardVision
[Dict]
    [Key] com.apple.security.get-task-allow
    [Value]
        [Bool] true
```

ChismanRaheem commented 5 months ago

Hi @yanfenz, thank you for the quick response. I noticed that your action was completed on CoreSimulator. I am respectfully requesting that you complete the same action items on a device build and upload the output at your earliest convenience.

yanfenz commented 5 months ago

> Hi @yanfenz, thank you for the quick response. I noticed that your action was completed on CoreSimulator. I am respectfully requesting that you complete the same action items on a device build and upload the output at your earliest convenience.

Hi @ChismanRaheem this is the output, I have hidden the actual bundle ID with `*`

```text
[Dict]
    [Key] application-identifier
    [Value]
        [String] B5RVXC4CG6.sg.com.tr**.b**
    [Key] aps-environment
    [Value]
        [String] development
    [Key] com.apple.developer.team-identifier
    [Value]
        [String] B5RVXC4CG6
    [Key] get-task-allow
    [Value]
        [Bool] true
    [Key] keychain-access-groups
    [Value]
        [Array]
            [String] B5RVXC4CG6.sg.com.tr**.b**
            [String] B5RVXC4CG6.com.microsoft.intune.mam
            [String] B5RVXC4CG6.com.microsoft.adalcache
```
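
One way to check the ordering the SDK warning refers to, given a `codesign -d --entitlements -` dump like the two posted above. This is an added example, not part of the thread or the Intune SDK: the function names and the sample dumps (placeholder team and bundle IDs) are constructed for illustration, and the parser assumes a flat entitlements dictionary.

```python
import re

# Suffix of the group the SDK warning quoted in this thread calls protected.
PROTECTED_SUFFIX = ".com.microsoft.intune.mam"
TOKEN = re.compile(r"\[(Dict|Key|Value|Array|String|Bool)\]\s*([^\[\n]*)")

def parse_entitlements_dump(text):
    """Parse a '[Key] ... [Value] ...' entitlements dump into a dict.
    Assumes a flat dictionary (no nested [Dict] values), as in the dumps
    posted in this thread; works on indented or whitespace-flattened text.
    """
    ents, key = {}, None
    for tag, raw in TOKEN.findall(text):
        val = raw.strip()
        if tag == "Key":
            key = val
            ents[key] = None
        elif key is None or tag in ("Dict", "Value"):
            continue
        elif tag == "Array":
            ents[key] = []
        elif tag == "Bool":
            ents[key] = val == "true"
        elif isinstance(ents[key], list):   # [String] inside an [Array]
            ents[key].append(val)
        else:                               # scalar [String]
            ents[key] = val
    return ents

def check_keychain_groups(text):
    """Return (status, groups) for the signed keychain-access-groups."""
    groups = parse_entitlements_dump(text).get("keychain-access-groups")
    if not groups:
        return "missing", []            # signature carries no keychain groups
    if groups[0].endswith(PROTECTED_SUFFIX):
        return "protected-group-first", groups
    return "ok", groups

# Constructed samples (placeholder team ID and bundle ID, not from the thread).
DEVICE = ("[Dict] [Key] application-identifier [Value] [String] ABCDE12345.com.example.app "
          "[Key] keychain-access-groups [Value] [Array] "
          "[String] ABCDE12345.com.example.app [String] ABCDE12345.com.microsoft.intune.mam")
SIMULATOR = "[Dict]\n\t[Key] com.apple.security.get-task-allow\n\t[Value]\n\t\t[Bool] true"
MISORDERED = ("[Dict] [Key] keychain-access-groups [Value] [Array] "
              "[String] ABCDE12345.com.microsoft.intune.mam [String] ABCDE12345.com.example.app")

if __name__ == "__main__":
    for name, dump in [("device", DEVICE), ("simulator", SIMULATOR), ("misordered", MISORDERED)]:
        print(name, check_keychain_groups(dump))
```

On a real build, pass it the text printed by the `codesign -d --entitlements - path_to_app` command quoted earlier in the thread.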

yanfenz commented 4 months ago

> @yanfenz I appreciate the update. To further assist with the troubleshooting process, it would be beneficial if you could share a sample GitHub repository with us. Currently, I'm unable to replicate the problem, and it may prove challenging without the precise steps to recreate it. Additionally, I suggest you clone our sample code from the provided link and integrate your business logic to determine if the same issue arises, https://github.com/msintuneappsdk/Chatr-Sample-Intune-iOS-App.git

Hi @ChismanRaheem May I check if there is any update on this issue? Our app is already following the same github repo to implement the Intune MAM.

ChismanRaheem commented 4 months ago

Hi @yanfenz, we need more information to help you. As of now, when using the code sample, please let me know how you are reproducing the issue. Please create a service ticket and provide me the case number so that we can capture more information to better assist you. Thanks

yanfenz commented 4 months ago

Hi @ChismanRaheem we have followed this guide to integrate the Intune SDK into our iOS app: https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios-phase3

Can you please let me know where I should create the service ticket? Thanks!

ChismanRaheem commented 4 months ago

@yanfenz Please email me directly at raheem.chisman@microsoft.com so that I can start collecting data that can be securely transferred to your case.

Collect logs:

  1. https://learn.microsoft.com/en-us/mem/intune/user-help/send-logs-to-microsoft-ios
  2. https://learn.microsoft.com/en-us/mem/intune/user-help/retrieve-ios-app-logs

ChismanRaheem commented 1 week ago

@yanfenz I will be archiving this case as you are no longer reaching out directly with this error. If you are still experiencing this specific issue, please lmk and provide logs and we can continue efforts.