Question
I have integrated Microsoft's ADAL library for iOS in my iOS Objective-C project. I authenticated to the Azure proxy SharePoint site and kept the app idle for more than an hour. After I activate the app and click on any hyperlink, I get the following error:
Error Domain=WebKitErrorDomain Code=102 "Frame load interrupted" UserInfo=0x1452d320 {NSErrorFailingURLKey=https://login.windows.net/*someToken*/oauth2/authorize?response_type=id_token&client_id=319ef615-4cb2-4e65-97bd-69a5fed167a4&scope=openid&nonce=90069b91-cacd-40a1-ae3e-13fbc0e50dff&response_mode=form_post&redirect_uri=https%3a%2f%2fintranetspqa.xyz.com%2fpages%2ffeed.aspx&state=AppProxyState%3a%7b%22IsMsofba%22%3afalse%2c%22OriginalQuery%22%3a%22%22%7d, NSErrorFailingURLStringKey=https://login.windows.net/*someToken*/oauth2/authorize?response_type=id_token&client_id=319ef615-4cb2-4e65-97bd-69a5fed167a4&scope=openid&nonce=90069b91-cacd-40a1-ae3e-13fbc0e50dff&response_mode=form_post&redirect_uri=https%3a%2f%2fintranetspqa.xyz.com%2fpages%2ffeed.aspx&state=AppProxyState%3a%7b%22IsMsofba%22%3afalse%2c%22OriginalQuery%22%3a
followed by
Cannot add a new item in the keychain. Error code: -25243. Attributes: {
acct = cHJhcGF0aWxAZXF1aW5peC5jb20;
svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|CC3513A0-0E69-4B4D-97FC-DFB6C91EE132|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy";
}. ErrorCode: 11.
2015-09-08 16:41:36.154 ProjectName[32578:3728597] ADALiOS [2015-09-08 11:11:36 - C739E4FB-515D-47BA-B38C-E9626C8DA802] ERROR: Error raised: 11. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode:(null) Details:Cannot add a new item in the keychain. Error code: -25243. Attributes: {
acct = cHJhcGF0aWxAZXF1aW5peC5jb20;
svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|MzE5ZWY2MTUtNGNiMi00ZTY1LTk3YmQtNjlhNWZlZDE2N2E0|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy";
}. ErrorCode: 11.
Ignore someToken and xyz in the above URLs.
I have implemented the required methods as mentioned in the ADAL GitHub repository. I referred to the ADAL forum and the following links: "iOS Keychain SecItemAdd returns -25243" and "How to share keychain data between iOS applications".
I have two questions that might solve this issue:
1. If this is a keychain sharing issue, what changes should I make in the project.entitlements file?
2. If I have to call refresh token to keep the user authenticated, how should I call it using ADAL, as I referred to this link?
Answer 1:
It appears that when you go to use the refresh token you fail as you don't have entitlements for the iOS keychain of the app that contains the refresh token. Let's try a few things:
- Can you make sure that you are using the "Capabilities" tab of your Target for your iOS app and that it is the same across all your applications?
- Make sure you have setSharedKeychainGroup: set in ADAL. This tells ADAL what keychain group you want to use for shared SSO.
From the Header file:
/*! The name of the keychain group to be used if sharing of cache between applications
is desired. Can be nil. The property sets the appropriate value of defaultTokenCacheStore
object. See apple's documentation for keychain groups: such groups require certain
entitlements to be set by the applications. Additionally, access to the items in this group
is only given to the applications from the same vendor. If this property is not set, the behavior
will depend on the values in the entitlements file (if such exists) and may not result in token
sharing. The property has no effect if other cache mechanisms are used (non-keychain). */
@property (getter = getSharedCacheKeychainGroup, setter = setSharedCacheKeychainGroup:) NSString* sharedCacheKeychainGroup;
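An added example, not part of the original answer or of ADAL's own code: it writes a throwaway item into the intended access group before handing that group to ADAL, so a missing entitlement appears as -25243 (`errSecNoAccessForItem`) at launch instead of an hour later during token refresh. The group string, the probe's service and account names, the ADAL 1.x import path and the use of `[ADAuthenticationSettings sharedInstance]` are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <ADALiOS/ADAuthenticationSettings.h> // assumed ADAL 1.x import path

// The group must be listed in every app's signed entitlements, e.g.:
//   <key>keychain-access-groups</key>
//   <array><string>$(AppIdentifierPrefix)com.example.sharedcache</string></array>
// Placeholder value; use the expanded prefix + group from your own entitlements.
static NSString *const kSharedGroup = @"TEAMID1234.com.example.sharedcache";

// Writes and removes a dummy generic-password item in `accessGroup`.
// Returns errSecSuccess if the entitlements allow it, or
// errSecNoAccessForItem (-25243) if the group is not granted to this app.
static OSStatus ProbeKeychainGroup(NSString *accessGroup) {
    NSDictionary *identity = @{
        (__bridge id)kSecClass:           (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService:     @"keychain-group-probe", // constructed
        (__bridge id)kSecAttrAccount:     @"probe",                // constructed
        (__bridge id)kSecAttrAccessGroup: accessGroup,
    };
    // Clear any leftover from an earlier run so SecItemAdd cannot
    // fail with errSecDuplicateItem and mask the real answer.
    SecItemDelete((__bridge CFDictionaryRef)identity);

    NSMutableDictionary *add = [identity mutableCopy];
    add[(__bridge id)kSecValueData] = [@"x" dataUsingEncoding:NSUTF8StringEncoding];
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    if (status == errSecSuccess) {
        SecItemDelete((__bridge CFDictionaryRef)identity);
    }
    return status;
}

// Call once at startup, before creating any ADAuthenticationContext.
static BOOL ConfigureADALSharedCache(void) {
    OSStatus status = ProbeKeychainGroup(kSharedGroup);
    if (status == errSecNoAccessForItem) {
        NSLog(@"Keychain group %@ is not in this build's entitlements (-25243)",
              kSharedGroup);
        return NO;
    }
    if (status != errSecSuccess) {
        NSLog(@"Keychain probe failed with OSStatus %d", (int)status);
        return NO;
    }
    // Setter name as declared in the header quoted above.
    [[ADAuthenticationSettings sharedInstance] setSharedCacheKeychainGroup:kSharedGroup];
    return YES;
}
```

Run it from a build signed with the real entitlements, since the access-group check depends on the code signature.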
Source: https://stackoverflow.com/questions/32521104/cannot-add-a-new-item-in-the-keychain-error-code-25243-in-adal-ios