Cannot add a new item in the keychain. Error code: -25243. in ADAL iOS

I have integrated Microsoft's ADAL library for iOS, https://github.com/AzureAD/azure-activedirectory-library-for-objc.

I authenticated to Azure's proxy SharePoint site and kept the app in an idle state for more than an hour. After I activate the app and click on any hyperlink, I get the following error:


Cannot add a new item in the keychain. Error code: -25243. Attributes: { acct = cHJhcGF0aWxAZXF1aW5peC5jb20; svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|CC3513A0-0E69-4B4D-97FC-DFB6C91EE132|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy"; }. ErrorCode: 11. 2015-09-08 16:41:36.154 ProjectName[32578:3728597] ADALiOS [2015-09-08 11:11:36 - C739E4FB-515D-47BA-B38C-E9626C8DA802] ERROR: Error raised: 11. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode:(null) Details:Cannot add a new item in the keychain. Error code: -25243. Attributes: { acct = cHJhcGF0aWxAZXF1aW5peC5jb20; svce = "MSOpenTech.ADAL.1|aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tLzcyYWRiMjcxLTJmYzctNGFmZS1hNWVlLTlkZTZhNTlmNmJmYg|MzE5ZWY2MTUtNGNiMi00ZTY1LTk3YmQtNjlhNWZlZDE2N2E0|YzczOWU0ZmItNTE1ZC00N2JhLWIzOGMtZTk2MjZjOGRhODAy"; }. ErrorCode: 11.



I have implemented the required methods as mentioned in the usage section of the above link. I referred to https://github.com/OfficeDev/Office-365-SDK-for-iOS/issues/83, http://stackoverflow.com/questions/7989258/ios-keychain-secitemadd-returns-25243, and http://stackoverflow.com/questions/4115744/how-to-share-keychain-data-between-ios-applications


How do I keep the user authenticated even if the user keeps the app in an idle state for more than an hour? I ran the app on the device, and the keychain sharing group has been enabled.

You’ll find error -25243 in the OS X SDK (yeah, I know, that’s not great, r. 22681536), where it says:

errSecNoAccessForItem = -25243, /* The specified item has no access control. */

On iOS this error typically means that you’ve specified an access group (kSecAttrAccessGroup) in a keychain ‘add’ or ‘update’ call (SecItemAdd or SecItemUpdate) and that access group isn’t one of your app’s configured access groups.

As to what that means in the context of ADAL, that’s hard to say given that that library isn’t an Apple thing. You’ll either have to treat the library as your own code, and work out what’s going wrong at the boundary between the library and Apple’s frameworks, or escalate this issue with the library’s vendor.

ps QA1499 Security Framework Error Codes is a good resource for mysterious Security framework errors.

Another good resource is the security tool. For example:

$ security error -25243
Error: 0xFFFF9D65 -25243 The specified item has no access control.

pps I’ve moved your question to Core OS > Security because it’s all about security and unlikely to be Objective-C specific.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
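The following is an added example, not code from the original post, from Apple, or from the ADAL library. It shows the boundary Quinn describes: a SecItemAdd that names a kSecAttrAccessGroup, with -25243 mapped to a message that also reports which access group the app really has. The group is discovered with a throwaway item added without kSecAttrAccessGroup and read back with kSecReturnAttributes, which yields the first group in the app's keychain-access-groups entitlement. The service name "probe.default-access-group" and the group "TEAMID.com.example.sharedcache" are placeholders; the real group must appear, with your Team ID prefix, in the Keychain Sharing entitlement of every app that uses it.

```swift
import Foundation
import Security

// Added example, not from the original post or from ADAL.
// Older iOS SDKs do not export errSecNoAccessForItem, so the value is
// spelled out here under a distinct name (newer SDKs also define the symbol).
private let kNoAccessForItemStatus: OSStatus = -25243

enum KeychainError: Error, CustomStringConvertible {
    case groupNotEntitled(requested: String, actual: String?)
    case other(OSStatus)

    var description: String {
        switch self {
        case let .groupNotEntitled(requested, actual):
            return "-25243 errSecNoAccessForItem: '\(requested)' is not in this app's "
                 + "keychain-access-groups entitlement (app's default group: \(actual ?? "unknown"))"
        case let .other(status):
            return "keychain error \(status)"
        }
    }
}

enum KeychainProbe {
    /// Adds a throwaway item with no kSecAttrAccessGroup and reads the group the
    /// system assigned to it: the first entry of the app's keychain-access-groups
    /// entitlement, or "<TeamID>.<bundle-id>" when Keychain Sharing is off.
    static func defaultAccessGroup() -> String? {
        let base: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: "probe.default-access-group",   // placeholder service
            kSecAttrAccount as String: "probe",
        ]
        SecItemDelete(base as CFDictionary)                 // remove any stale probe first
        var add = base
        add[kSecValueData as String] = Data([0])
        guard SecItemAdd(add as CFDictionary, nil) == errSecSuccess else { return nil }
        defer { SecItemDelete(base as CFDictionary) }       // never leave the probe behind

        var query = base
        query[kSecReturnAttributes as String] = kCFBooleanTrue
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
              let attrs = result as? [String: Any] else { return nil }
        return attrs[kSecAttrAccessGroup as String] as? String
    }

    /// Stores `secret` as a generic-password item inside `accessGroup`.
    /// -25243 is turned into a diagnostic naming the requested vs. entitled group;
    /// errSecDuplicateItem falls through to SecItemUpdate, the other call Quinn names.
    static func store(service: String, account: String, secret: Data,
                      accessGroup: String) -> Result<Void, KeychainError> {
        let match: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecAttrAccessGroup as String: accessGroup,
        ]
        var item = match
        // Tokens must be readable after the first unlock and never migrate to another device.
        item[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        item[kSecValueData as String] = secret

        switch SecItemAdd(item as CFDictionary, nil) {
        case errSecSuccess:
            return .success(())
        case kNoAccessForItemStatus:
            return .failure(.groupNotEntitled(requested: accessGroup, actual: defaultAccessGroup()))
        case errSecDuplicateItem:
            let update = SecItemUpdate(match as CFDictionary,
                                       [kSecValueData as String: secret] as CFDictionary)
            return update == errSecSuccess ? .success(()) : .failure(.other(update))
        case let status:
            return .failure(.other(status))
        }
    }
}

// Usage: placeholder group; replace with a group from your own entitlement.
let outcome = KeychainProbe.store(service: "com.example.tokencache",
                                  account: "user@example.com",
                                  secret: Data("refresh-token".utf8),
                                  accessGroup: "TEAMID.com.example.sharedcache")
if case let .failure(error) = outcome {
    print(error.description)   // on a group mismatch this names the group the app actually has
}
```

Run this on a device rather than reasoning from the entitlements file alone: the group the probe returns is what the signed binary carries, so a mismatch between it and the group a library hard-codes or configures is exactly the condition that produces -25243.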