Using the ADAL library with a government account, the authorization token request fails due to a server timeout. The token is needed to make EWS calls to the server. The authority being used is "https://logon.microsoftonline.us". The resource is "https://outlook.office.us".

There is no issue when retrieving a token from a public tenant (our company tenant) and our product. We receive the token using "https://logon.microsoftonline.com". The resource is "https://outlook.office.com".

We can access the server with the same credentials at "https://owa.us.af.mil/f5-w-{REDACTED}/adfs/ls/?client-request-id={REDACTED}". But ADAL times out with "https://federation.us.af.mil/adfs/ls/?login_hint={REDACTED}.af.mil&client-request-id={REDACTED}&username={REDACTED}.af.mil&wa=wsignin1.0&wtrealm={REDACTED}"

Does the government server have the proper ADFS configuration? If so, what would be the probable solution?

Is our tenant set up correctly? Do we need a public tenant for public app access and a government tenant for government clients? Or can those be interchangeable?

We set up a public and a government AAD app to handle token requests. We thought that could have been the issue. No change. I also did several variations on the authority and resources used in the request. No change. I even tapped into ADAL and used our HTTPS protocol instead of the standard Apple HTTPS protocol.

Below is the context setup and token call method used.

// Receives any error raised while creating the context.
var error: ADAuthenticationError?
let authContext = ADAuthenticationContext(authority: authority, validateAuthority: true, error: &error)
// Use the embedded web view for the sign-in UI.
authContext?.credentialsType = AD_CREDENTIALS_EMBEDDED
authContext?.acquireToken(withResource: self.resource, clientId: self.clientId, redirectUri: self.redirectUri,
                          userId: self.userID!, completionBlock: { result in })

The token request will always time out at this point:

ADAL 2.7.5 iOS Sim 12.1 [2018-12-12 17:14:38 - F06F784C-7F5B-4231-BE34-714AF8204357] -webAuthDidFailWithError: Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600002fa5380 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://federation.us.af.mil/adfs/ls/?login_hint={REDACTED}.af.mil&client-request-id={REDACTED}&username={REDACTED}.af.mil&wa=wsignin1.0&wtrealm={REDACTED}

The user experiences a pop-up window with a blank screen. The window would normally show text asking for permission to use the app. A timeout message hits about 60 seconds later.

1 Answer

Apologies for the delayed response on this. Instead of outlook.office365.us, the resource you should be using is either portal.apps.mil or outlook-dod.office365.us.

Does that help?