Authentication with ADAL for .NET fails in Xamarin with Microsoft Authenticator

Date: 2016-11-29 07:29:11

Tags: azure authentication xamarin azure-active-directory adal

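I am trying to implement a POC app in Xamarin Forms (iOS and Android) that uses the ADAL library for .NET to authenticate against my company's Azure AD. I have managed to authenticate with username/password on both platforms, and with Microsoft Authenticator as the broker on Android (Workplace Join).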

But I am having a hard time authenticating with Authenticator on iOS. I have used the SSO guide for ADAL iOS as a reference (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-sso-ios).

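When I tap my test login button, the Authenticator app opens, but it just stays open with a white screen and a Cancel button. I have tried both iOS 9.3 and iOS 10. I get these error messages in the device log.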

Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] VERBOSE: ADAL API call [Version - 2.0.2]. Additional Information: In function: +[ADBrokerContext getAllAccounts:], file line #632. ErrorCode: 0.
Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] VERBOSE: ADAL API call [Version - 2.0.2]. Additional Information: In function: -[ADKeychainTokenCacheStore allItemsWithError:], file line #419. ErrorCode: 0.
Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] VERBOSE: Keychain token cache store. Additional Information: (null). ErrorCode: 0.
Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] VERBOSE: ADAL API call [Version - 2.0.2]. Additional Information: In function: +[ADBrokerContext isBrokerRequest:returnUpn:], file line #157. ErrorCode: 0.
Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] VERBOSE: ADAL API call [Version - 2.0.2]. Additional Information: In function: +[ADBrokerContext isBrokerRequest:returnUpn:], file line #157. ErrorCode: 0.
Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] INFORMATION: Broker invoked from my.company.xamarinadaltest. Additional Information: (null). ErrorCode: 0.
Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] VERBOSE: ADAL API call [Version - 2.0.2]. Additional Information: In function: +[ADBrokerContext invokeBrokerImpl:sourceApplication:upn:webView:], file line #432. ErrorCode: 0.
Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] ERROR: Error raised: 2. Additional Information: Domain: ADAuthenticationErrorDomain Details: source application bundle identifier should be same as the redirect URI domain. ErrorCode: 2.
Warning (325) / Authenticator: ADALiOS [2016-11-28 11:04:35 - 9966AB28-6265-400D-91B4-F3B145D12FB9] ERROR: source application does not match redirect uri host. Additional Information: (null). ErrorCode: 0.

Redirect URI in code: msauth://code/x-msauth-adaltest%3A%2F%2Fmy.company.xamarinadaltest

In Entitlements.plist (I have tried both with and without this in Entitlements, with the same result):

<dict>
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)my.company.xamarinadaltest</string>
        <string>$(AppIdentifierPrefix)com.microsoft.workplacejoin</string>
        <string>$(AppIdentifierPrefix)com.microsoft.adalcache</string>
    </array>
</dict>

In Info.plist:

<key>CFBundleIdentifier</key>
<string>my.company.xamarinadaltest</string>

<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleTypeRole</key>
        <string>Editor</string>
        <key>CFBundleURLName</key>
        <string>my.company.xamarinadaltest</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>x-msauth-adaltest</string>
        </array>
        <key>CFBundleURLTypes</key>
        <string>Editor</string>
    </dict>
</array>

<key>LSApplicationQueriesSchemes</key>
<array>
    <string>msauth</string>
</array>

Redirect URIs in the Azure portal:

msauth://code/x-msauth-adaltest://my.company.xamarinadaltest

x-msauth-adaltest://my.company.xamarinadaltest

msauth://code/x-msauth-adaltest%3A%2F%2Fmy.company.xamarinadaltest

According to the guide (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-sso-ios):

Your redirect URI must be in the following format: <app-scheme>://<your.bundle.id>

So I don't understand the error "source application bundle identifier should be same as the redirect URI domain".

Has anyone managed to get this working? It looks like Authenticator is using an older version of ADALiOS; could that be a problem?

1 answer:

Answer 0: (score: 0)

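You need to use x-msauth-adaltest://my.company.xamarinadaltest as the redirect URL in your client code. The msauth:// redirect URL is the one that Authenticator uses automatically for the certificate-based authentication flow.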
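
The mismatch the broker reports can be caught before deployment by comparing the redirect URI with Info.plist. The following is an added example, not code from the question, the answer or ADAL: the function name `check_redirect_uri` is hypothetical, and the embedded Info.plist is constructed from the values shown in the question.

```python
import plistlib
from urllib.parse import urlparse

# Constructed Info.plist, modelled on the values shown in the question.
INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>my.company.xamarinadaltest</string>
  <key>CFBundleURLTypes</key><array><dict>
    <key>CFBundleURLName</key><string>my.company.xamarinadaltest</string>
    <key>CFBundleURLSchemes</key><array><string>x-msauth-adaltest</string></array>
  </dict></array>
  <key>LSApplicationQueriesSchemes</key><array><string>msauth</string></array>
</dict></plist>"""


def check_redirect_uri(redirect_uri, info_plist=INFO_PLIST):
    """Return a list of problems; an empty list means the URI is consistent
    with the <app-scheme>://<your.bundle.id> format quoted from the guide."""
    plist = plistlib.loads(info_plist)
    bundle_id = plist.get("CFBundleIdentifier", "")
    # Every URL scheme the app registers for itself (urlparse lowercases schemes).
    schemes = {
        scheme.lower()
        for url_type in plist.get("CFBundleURLTypes", [])
        for scheme in url_type.get("CFBundleURLSchemes", [])
    }
    uri = urlparse(redirect_uri)
    problems = []
    if uri.scheme not in schemes:
        problems.append(f"scheme '{uri.scheme}' is not in CFBundleURLSchemes")
    # Same comparison the broker log describes: URI host vs. bundle identifier.
    if uri.netloc != bundle_id:
        problems.append(f"host '{uri.netloc}' does not match bundle id '{bundle_id}'")
    if uri.path not in ("", "/") or uri.query or uri.fragment:
        problems.append("URI has extra parts beyond <app-scheme>://<your.bundle.id>")
    # The question's Info.plist lists 'msauth' here so the app can call the broker.
    if "msauth" not in plist.get("LSApplicationQueriesSchemes", []):
        problems.append("'msauth' is missing from LSApplicationQueriesSchemes")
    return problems


if __name__ == "__main__":
    for candidate in (
        "msauth://code/x-msauth-adaltest%3A%2F%2Fmy.company.xamarinadaltest",
        "x-msauth-adaltest://my.company.xamarinadaltest",
    ):
        print(candidate, "->", check_redirect_uri(candidate) or "OK")
```
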