Question
I am using the ADAL iOS library for Azure authentication. However, I am having a problem if I first sign in with one account, and then sign out and sign in with another account. I get the following error, even though I set 'AD_PROMPT_ALWAYS'.
2015-08-31 12:50:39.939 PortalDev[908:174411] ADALiOS [2015-08-31 11:50:39 - xxx-xxx-xxx-xxx-xxx] ERROR: Error raised: 19. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode:(null) Details:Different user was authenticated. Expected: 'aaa@xxx.com'; Actual: 'bbb@xxx.com'. Either the user entered credentials for different user, or cookie for different logged user is present. Consider calling acquireToken with AD_PROMPT_ALWAYS to ignore the cookie.. ErrorCode: 19.
2015-08-31 12:50:39.943 PortalDev[908:174411] ADAL Error: 19, Different user was authenticated. Expected: 'aaa@xxx.com'; Actual: 'bbb@xxx.com'. Either the user entered credentials for different user, or cookie for different logged user is present. Consider calling acquireToken with AD_PROMPT_ALWAYS to ignore the cookie. (status: 2)
I cleared the cache, and tried and cleared the cookies I think:
    if (allItems.count > 0) {
        [cache removeAllWithError:&error];
        if (error) {
            CLSNSLog(@"Error clearing cache: %@", error.errorDetails);
        } else {
            CLSNSLog(@"Items removed.");
        }
    } else {
        CLSNSLog(@"Was no user cached.");
    }
    NSHTTPCookieStorage* cookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
    NSArray* cookies = cookieStorage.cookies;
    if (cookies.count)
    {
        for (NSHTTPCookie* cookie in cookies)
        {
            CLSNSLog(@"Deleting Auth Cookie %@.", cookie.name);
            [cookieStorage deleteCookie:cookie];
        }
        CLSNSLog(@"Auth Cookies cleared.");
    }
But I don't think there were any cookies to clear. The username is pre-filled when I get the logon webpage. I thought it worked fine a few weeks/months ago, but now there seems to be a problem. I built the library fresh today from the latest GitHub source.
Any suggestions how I can make switching user name possible?
Answer 1:
The error message says:
Expected: 'aaa@xxx.com'; Actual: 'bbb@xxx.com'
That indicates that a userId parameter is being passed to acquireToken. That would cause the username field in the sign-in page to be prefilled. However, the error is saying that when the user signed in they changed the username field to a different user. Because you asked for a specific user but did not get a token for that user, acquireToken returns an error. See this answer for more detail:
ADAL iOS - Different user was authenticated. Expected userA@mydomain.com, actual userB@mydomain.com
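An added example, not part of the original answer or of the ADAL project's own code: a switch-user sign-in that passes no userId, so ADAL has no expected user to compare against, and then takes the signed-in identity from the result instead of from a remembered username. It assumes the ADAL 1.x Objective-C API and header paths; SignInAsAnyUser and the four constants are hypothetical placeholders.

```objc
#import <Foundation/Foundation.h>
// Assumption: ADAL 1.x framework-style header paths.
#import <ADALiOS/ADAuthenticationContext.h>
#import <ADALiOS/ADTokenCacheStoreItem.h>
#import <ADALiOS/ADUserInformation.h>

// Hypothetical placeholders, not values from the question.
static NSString *const kAuthority   = @"https://login.windows.net/<tenant>";
static NSString *const kResource    = @"<resource-uri>";
static NSString *const kClientId    = @"<client-id>";
static NSString *const kRedirectUri = @"<redirect-uri>";

// Hypothetical helper: interactive sign-in that accepts whichever account the
// user enters, then reports the identity that was actually authenticated.
static void SignInAsAnyUser(void (^done)(NSString *userId, NSString *token))
{
    ADAuthenticationError *error = nil;
    ADAuthenticationContext *context =
        [ADAuthenticationContext authenticationContextWithAuthority:kAuthority
                                                              error:&error];
    if (!context) {
        NSLog(@"Could not create context: %@", error.errorDetails);
        done(nil, nil);
        return;
    }

    [context acquireTokenWithResource:kResource
                             clientId:kClientId
                          redirectUri:[NSURL URLWithString:kRedirectUri]
                       promptBehavior:AD_PROMPT_ALWAYS  // always show the sign-in page
                               userId:nil               // no expected user, no prefill
                 extraQueryParameters:nil
                      completionBlock:^(ADAuthenticationResult *result) {
        if (result.status != AD_SUCCEEDED) {
            // Code 19 is the "Different user was authenticated" error in the log above.
            NSLog(@"Sign-in failed (%ld): %@",
                  (long)result.error.code, result.error.errorDetails);
            done(nil, nil);
            return;
        }
        // Bind the app session to the identity the token was issued for,
        // not to a username kept from the previous session.
        NSString *actualUser = result.tokenCacheStoreItem.userInformation.userId;
        done(actualUser, result.accessToken);
    }];
}
```

When the app does need a specific account, keep passing userId and treat error 19 as a rejected sign-in rather than working around it.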
Source: https://stackoverflow.com/questions/32312710/adal-for-ios-exception-with-a-different-user-sign-on