👷‍♂️
Work
  • 💻SNOW
    • Catalog Forms
    • Knowledge Base
  • ☁️Azure
    • Graph Permissions
    • App Registration Auths
      • Postman
      • Graph ROPC Federated Account
        • MSAL UsernamePasswordCredential
        • Java
        • Python
        • C#/VB code Auth
      • Powershell
      • Java Auth x EWS
      • Python Auth x Sharepoint
      • C# Auth x Sharepoint
    • MFA
    • Dynamic Group
    • AAD Device Pending
    • O365 Device Enrollment
    • AAD Device Troubleshoot
    • AAD Mobile Troubleshooting
    • ADO Service Principal
    • External B2B
    • VLSC Admin
    • PowerBI Session Timeout
    • SSO issues
  • 🔓OKTA
    • SVC Account
    • OKTA Integration
    • Access Issues
  • 👷‍♂️Workday
    • Account Lifecycle
    • Coupa
  • 📨O365
    • OOF of Distribution List
    • Mailbox Recovery
    • Mailbox Existence
  • 🦄Misc
    • Windows Terminal
    • Google Auth Export
    • MS Teams Issues
  • 🌥️Cloud Stuff
    • 🚀Benchmarking
      • Vultr
    • 💳Cloud Server
    • ♻️Email and Spams
  • 🔬Open Source
    • Pending
      • Matrix/Synapse
      • Huginn
      • ChangeDetection
    • Tested
      • Codex Docs
      • Ghost Blog
      • n8n Automation
Powered by GitBook
On this page
  1. Azure

AAD Mobile Troubleshooting

PreviousAAD Device TroubleshootNextADO Service Principal

Last updated 7 months ago

Background:

  • A user is experiencing an "invalid credential" error when attempting to log in to a mobile app using OKTA.

  • The same credentials work on other platforms, including the mobile's Safari, except for O365.

  • The user is certain that the password entered is correct.

  • Logs tell us that the issue may be due to different encoding.

  • Capturing the network traffic will help diagnose the problem or provide evidence if escalation is needed.

Important Notes

  • Ensure the issue can be reproduced before performing these steps.

  • Handle the output file securely as it contains sensitive information.

Steps:

1. Prepare the Network:

- Connect the iPhone and the computer (used as a proxy) to the same network or subnet/VLAN.

- Ensure the Fiddler listening port (default is 8888) is not blocked on the computer. Temporarily disable the Windows firewall if necessary.

2. Install and Configure Fiddler on the Computer:

- In Fiddler, go to Tools -> Options -> Connections, and enable “Allow remote computers to connect”.

  1. Configure Fiddler for HTTPS Traffic:

    • Go to Tools -> Options -> HTTPS, and check “Decrypt HTTPS traffic”. Install and trust the Fiddler Root Certificate on the computer by following the prompts.

4. Install Certificate Maker Plugin for Fiddler:

- Restart Fiddler to apply changes.

- Hover over the Online indicator on the Fiddler toolbar to display the computer’s IP addresses.

- Ensure Fiddler is capturing traffic (indicated in the lower-left corner of Fiddler).

  1. Configure the iPhone:

    • Connect the iPhone to the same network as the computer via Wi-Fi. Disable 3G/4G connections.

    • Verify the iPhone can reach Fiddler by navigating to http://FiddlerMachineIP:8888 in a browser. This should display the Fiddler Echo Service page.

    • Go to Settings -> WLAN -> Select the connected Wi-Fi network -> Configure Proxy -> Manual.

    • Enter the IP address of the Fiddler machine in the Server box and the port (usually 8888) in the Port box. Ensure Authentication is off, then save the configuration.

    • In a browser on the iPhone, go to http://<FiddlerMachineIP>.fiddler:8888 and download the FiddlerRoot certificate from the Fiddler Echo Service webpage.

    • Open the FiddlerRoot.cer file and install it.

    • Go to Settings -> General -> About -> Certificate Trust Settings and manually enable full trust for the FiddlerRoot certificate. Accept the dialog about third-party eavesdropping.

  1. Reproduce the Issue:

    • On the iPhone, open “Authenticator” and attempt to log in to reproduce the issue.

    • Once the issue is reproduced, stop Fiddler capturing by clicking “Capturing” in the lower-left corner of Fiddler.

    • Save the captured sessions by clicking File and selecting Save.

      

- Download Fiddler from

- Download and install the Certificate Maker Plugin from

☁️
https://www.telerik.com/download/fiddler
https://www.telerik.com/fiddler/add-ons