无法在钥匙串中添加新项目。错误代码:-25243。在 ADAL iOS
Cannot add a new item in the keychain. Error code: -25243. in ADAL iOS
我在我的 iOS objective C 项目中集成了微软的 ADAL library for iOS。我对 azure 的代理共享点站点进行了身份验证,并将应用程序保持在空闲状态超过一个小时。在我激活应用程序并单击任何 hyper-link 后,我收到以下错误
Error Domain=WebKitErrorDomain Code=102 "Frame load interrupted" UserInfo=0x1452d320 {NSErrorFailingURLKey=https://login.windows.net/*someToken*/oauth2/authorize?response_type=id_token&client_id=319ef615-4cb2-4e65-97bd-69a5fed167a4&scope=openid&nonce=90069b91-cacd-40a1-ae3e-13fbc0e50dff&response_mode=form_post&redirect_uri=https%3a%2f%2fintranetspqa.xyz.com%2fpages%2ffeed.aspx&state=AppProxyState%3a%7b%22IsMsofba%22%3afalse%2c%22OriginalQuery%22%3a%22%22%7d, NSErrorFailingURLStringKey=https://login.windows.net/*someToken*/oauth2/authorize?response_type=id_token&client_id=319ef615-4cb2-4e65-97bd-69a5fed167a4&scope=openid&nonce=90069b91-cacd-40a1-ae3e-13fbc0e50dff&response_mode=form_post&redirect_uri=https%3a%2f%2fintranetspqa.xyz.com%2fpages%2ffeed.aspx&state=AppProxyState%3a%7b%22IsMsofba%22%3afalse%2c%22OriginalQuery%22%3a
接着是
Cannot add a new item in the keychain. Error code: -25243. Attributes: {
acct = cHJhcGF0aWxAZXF1aW5peC5jb20;
svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|CC3513A0-0E69-4B4D-97FC-DFB6C91EE132|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy";
}. ErrorCode: 11.
2015-09-08 16:41:36.154 ProjectName[32578:3728597] ADALiOS [2015-09-08 11:11:36 - C739E4FB-515D-47BA-B38C-E9626C8DA802] ERROR: Error raised: 11. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode:(null) Details:Cannot add a new item in the keychain. Error code: -25243. Attributes: {
acct = cHJhcGF0aWxAZXF1aW5peC5jb20;
svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|MzE5ZWY2MTUtNGNiMi00ZTY1LTk3YmQtNjlhNWZlZDE2N2E0|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy";
}. ErrorCode: 11.
忽略上面网址中的一些标记和xyz。
我已经实现了 ADAL github 中提到的所需方法。
我提到了 ADAL forum 并关注了 link
iOS Keychain SecItemAdd returns -25243 和
How to share keychain data between iOS applications
我有两个问题可以解决这个问题:1. 如果这是钥匙串共享问题,我应该在 project.entitlements 文件中做些什么修改? 2. 如果我必须调用刷新令牌来保持用户身份验证,我应该如何使用我提到的 ADAL 来调用它 this link
您似乎在使用刷新令牌时失败了,因为您没有包含刷新令牌的应用程序的 iOS 钥匙串的权利。让我们尝试一些事情:
- 您能否确保您正在为您的 iOS 应用程序使用 Target 的 "Capabilities" 选项卡,并且它在您的所有应用程序中都是相同的申请?
- 确保您在 ADAL 中设置了 setSharedKeychainGroup:。这会告诉 ADAL 您要将哪个钥匙串组用于共享 SSO。
来自头文件:
/*! The name of the keychain group to be used if sharing of cache between applications
is desired. Can be nil. The property sets the appropriate value of defaultTokenCacheStore
object. See apple's documentation for keychain groups: such groups require certain
entitlements to be set by the applications. Additionally, access to the items in this group
is only given to the applications from the same vendor. If this property is not set, the behavior
will depend on the values in the entitlements file (if such exists) and may not result in token
sharing. The property has no effect if other cache mechanisms are used (non-keychain). */
@property (getter = getSharedCacheKeychainGroup, setter = setSharedCacheKeychainGroup:) NSString* sharedCacheKeychainGroup;
我在我的 iOS objective C 项目中集成了微软的 ADAL library for iOS。我对 azure 的代理共享点站点进行了身份验证,并将应用程序保持在空闲状态超过一个小时。在我激活应用程序并单击任何 hyper-link 后,我收到以下错误
Error Domain=WebKitErrorDomain Code=102 "Frame load interrupted" UserInfo=0x1452d320 {NSErrorFailingURLKey=https://login.windows.net/*someToken*/oauth2/authorize?response_type=id_token&client_id=319ef615-4cb2-4e65-97bd-69a5fed167a4&scope=openid&nonce=90069b91-cacd-40a1-ae3e-13fbc0e50dff&response_mode=form_post&redirect_uri=https%3a%2f%2fintranetspqa.xyz.com%2fpages%2ffeed.aspx&state=AppProxyState%3a%7b%22IsMsofba%22%3afalse%2c%22OriginalQuery%22%3a%22%22%7d, NSErrorFailingURLStringKey=https://login.windows.net/*someToken*/oauth2/authorize?response_type=id_token&client_id=319ef615-4cb2-4e65-97bd-69a5fed167a4&scope=openid&nonce=90069b91-cacd-40a1-ae3e-13fbc0e50dff&response_mode=form_post&redirect_uri=https%3a%2f%2fintranetspqa.xyz.com%2fpages%2ffeed.aspx&state=AppProxyState%3a%7b%22IsMsofba%22%3afalse%2c%22OriginalQuery%22%3a
接着是
Cannot add a new item in the keychain. Error code: -25243. Attributes: {
acct = cHJhcGF0aWxAZXF1aW5peC5jb20;
svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|CC3513A0-0E69-4B4D-97FC-DFB6C91EE132|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy";
}. ErrorCode: 11.
2015-09-08 16:41:36.154 ProjectName[32578:3728597] ADALiOS [2015-09-08 11:11:36 - C739E4FB-515D-47BA-B38C-E9626C8DA802] ERROR: Error raised: 11. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode:(null) Details:Cannot add a new item in the keychain. Error code: -25243. Attributes: {
acct = cHJhcGF0aWxAZXF1aW5peC5jb20;
svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|MzE5ZWY2MTUtNGNiMi00ZTY1LTk3YmQtNjlhNWZlZDE2N2E0|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy";
}. ErrorCode: 11.
忽略上面网址中的一些标记和xyz。
我已经实现了 ADAL github 中提到的所需方法。 我提到了 ADAL forum 并关注了 link iOS Keychain SecItemAdd returns -25243 和 How to share keychain data between iOS applications
我有两个问题可以解决这个问题:1. 如果这是钥匙串共享问题,我应该在 project.entitlements 文件中做些什么修改? 2. 如果我必须调用刷新令牌来保持用户身份验证,我应该如何使用我提到的 ADAL 来调用它 this link
您似乎在使用刷新令牌时失败了,因为您没有包含刷新令牌的应用程序的 iOS 钥匙串的权利。让我们尝试一些事情:
- 您能否确保您正在为您的 iOS 应用程序使用 Target 的 "Capabilities" 选项卡,并且它在您的所有应用程序中都是相同的申请?
- 确保您在 ADAL 中设置了 setSharedKeychainGroup:。这会告诉 ADAL 您要将哪个钥匙串组用于共享 SSO。
来自头文件:
/*! The name of the keychain group to be used if sharing of cache between applications
is desired. Can be nil. The property sets the appropriate value of defaultTokenCacheStore
object. See apple's documentation for keychain groups: such groups require certain
entitlements to be set by the applications. Additionally, access to the items in this group
is only given to the applications from the same vendor. If this property is not set, the behavior
will depend on the values in the entitlements file (if such exists) and may not result in token
sharing. The property has no effect if other cache mechanisms are used (non-keychain). */
@property (getter = getSharedCacheKeychainGroup, setter = setSharedCacheKeychainGroup:) NSString* sharedCacheKeychainGroup;