Reputation: 1
I have successfully added SSO using the ADAL plugin for direct authentication. Now I am trying to add brokered authentication to satisfy the conditional access policies (device ID registration and Intune app protection) applied on Azure AD. There is support for adding brokered authentication in the ADAL plugin, but so far I am unable to get this working (https://openbase.com/js/cordova-plugin-ms-adal-is-back/documentation#broker-support-1).
The issue is that the document says to configure, e.g., x-msauth-com-microsoft-mytestiosapp://com.microsoft.mytestiosapp as the Redirect URI to call the Authenticator app. This does launch the Microsoft Authenticator app, but after the authentication it throws an exception saying the Redirect URI does not match the specified URI in the Azure AD application. In Azure you can only configure your Redirect URI as the bundle ID, e.g. msauth.com.microsoft.mytestiosapp://auth
I have even tried the MSAL plugin as well. Here too I am able to achieve direct authentication (using Safari), i.e. getting the success tokens in the response, but I am unable to find a way to launch the brokered authentication.
Note: I need a solution in either ADAL or MSAL for the iOS Cordova platform.
If anyone has come across this problem and been able to crack it, your help is greatly appreciated.
Upvotes: 0
Views: 460
Reputation: 474
It throws an exception saying the Redirect URI does not match the specified URI in the Azure AD application?
If the broker-enabled application cannot authenticate?
When users are running the app on their phone, depending on which app users open first, they might be able to use the SSO functionality to access the app, or they might get an error message:
Try updating broker apps (MS Authenticator and MS Intune) on phones to the latest version to fix the issue.
Upvotes: 0
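The mismatch described in the question can be caught before a device test by comparing the redirect URI the app sends with the ones registered for the application. The following is an added example, not code from the thread or from either plugin; the function names are hypothetical, the two URI shapes are the ones quoted in the question, and exact string comparison against the registered list is an assumption.

```javascript
'use strict';
// Added example: function names and sample values are constructed for illustration.

// Split "scheme://host/rest" without relying on URL parsing of custom schemes.
function splitUri(uri) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/?#]*)(.*)$/i.exec(uri);
  return m ? { scheme: m[1], host: m[2], rest: m[3] } : null;
}

// Classify a redirect URI as one of the two shapes quoted in the question.
function classifyRedirectUri(uri, bundleId) {
  const p = splitUri(uri);
  if (!p) return { kind: 'invalid', bundleOk: false };
  if (p.scheme.startsWith('x-msauth-')) {
    // Shape from the plugin documentation: x-msauth-<name>://<bundle id>
    return { kind: 'x-msauth', bundleOk: p.host === bundleId && p.rest === '' };
  }
  if (p.scheme.startsWith('msauth.')) {
    // Shape registered in Azure AD: msauth.<bundle id>://auth
    const ok = p.scheme.slice('msauth.'.length) === bundleId && p.host === 'auth' && p.rest === '';
    return { kind: 'msauth', bundleOk: ok };
  }
  return { kind: 'other', bundleOk: false };
}

// Compare what the app sends with what is registered (exact string match assumed).
function checkRedirectConfig(sentUri, registeredUris, bundleId) {
  const sent = classifyRedirectUri(sentUri, bundleId);
  const registeredKinds = registeredUris.map((u) => classifyRedirectUri(u, bundleId).kind);
  const findings = [];
  if (!sent.bundleOk) findings.push(`sent URI does not embed bundle ID ${bundleId}`);
  const registered = registeredUris.includes(sentUri);
  if (!registered) {
    findings.push(`sent shape "${sent.kind}" not registered; registered shapes: ${registeredKinds.join(', ') || 'none'}`);
  }
  return { sentKind: sent.kind, registered, registeredKinds, findings };
}

// Constructed sample using the two URIs from the question.
const sample = checkRedirectConfig(
  'x-msauth-com-microsoft-mytestiosapp://com.microsoft.mytestiosapp',
  ['msauth.com.microsoft.mytestiosapp://auth'],
  'com.microsoft.mytestiosapp'
);
console.log(JSON.stringify(sample, null, 2));
```

Run with Node.js; a non-empty `findings` array means the URI the app sends would not match any registered entry.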