cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authentication with ADAL using managed Mobile devices

Alexander Adelmann
Copper Contributor

‎Jun 19 2017 06:04 AM - edited ‎Jun 19 2017 06:09 AM

‎Jun 19 2017 06:04 AM - edited ‎Jun 19 2017 06:09 AM

Authentication with ADAL using managed Mobile devices

Hi everybody,

 

I am facing a very strange authentication problem in my app.

To get a valid adal token I use the adaljs library, which works fine. I get a valid token and can connect to my Azure AppService. 

 

The app that runs in the Azure AppService then uses my adal token to get a new token. I create a UserAssertion object from the token I got from Javascript adaljs. I need to do this, because otherwise I could not connect to SharePoint Online without getting a 401 unauthorized.

 

The code works perfectly fine for desktop browsers but does fail when I try to access my AppService with a mobile device and a adfs managed user.

 

Using a "cloud only" user works fine, but whenever I try to use a user which gets synced from my AD I get the following error when trying to get the second token:

AADSTS50131: Your device is required to be managed to access this resource.

 

The problem here is that the device is definitely managed. When I add an exception for this user in intune, I can access the App via the mobile device.

 

Has anybody a clue what could be the problem here? Any help would be appreciated. 

 

Thanks in advance, 

Alex

3,044 Views
1 Like
3 Replies
Reply
3 Replies
Alexander Adelmann

‎Jun 26 2017 11:41 PM

‎Jun 26 2017 11:41 PM

Re: Authentication with ADAL using managed Mobile devices

I checked the App Service and O365 App yesterday and came across these preview settings in the graph api:

snip_20170627084019.png

 

Could it be possible that there is a connection between my problem and these new features?

 

best regards

Alex

 

 

 

0 Likes
Reply
Tim Buechel

‎Feb 08 2018 06:45 AM

‎Feb 08 2018 06:45 AM

Re: Authentication with ADAL using managed Mobile devices

Facing the same issue.  I have a published app through Azure AD App Proxy that works from a managed PC, but will not load from a mobile device.   The mobile device is Intune managed.  Getting the same error.  Any chance you found a resolution to this?

0 Likes
Reply
Alexander Adelmann

‎Feb 08 2018 06:49 AM

‎Feb 08 2018 06:49 AM

Re: Authentication with ADAL using managed Mobile devices

Hi Tim, I did not really manage to find a solution. I solved the issue by setting an exception for mobile browsers in the intunes settings. So basically we made the application accessible for not managed devices. All apps like Outlook and so forth still need a device to be managed, so it was ok for our client. If you ever find a real solution for this problem, it would be nice if you would share it with me ^^. Best regards Alex

0 Likes
Reply