ADALError: BROKER_AUTHENTICATOR_NOT_RESPONDING

General

Description

In certain scenarios and devices, ADAL may generate a BROKER_AUTHENTICATOR_NOT_RESPONDING error. This is rooted in a failure for the application to communicate with the broker application (Microsoft Authenticator or Company Portal) due to the OEM limiting inter-app communication.

The bound service is responsible for doing interactive and silent auth for ADAL in brokered scenarios. If this communication between ADAL and brokers fails, ADAL will return BROKER_AUTHENTICATOR_NOT_RESPONDING back to the app. In silent authentication scenarios, this results in a failure to get a token. In interactive authentication scenarios, this will result in an error even before the user sees a prompt.

Impact

Devices & Android Version

There are several device manufactorers impacted by this issue including Samsung, Huawei, OnePlus, and Vivo. It's generally rooted in the devices exposing battery settings, but often is only exposed in a subset of the OEM's device lineup.

The error is not related to any particular Android version.

Library Versions

The error is not related to any particular ADAL version.

Azure AD Environments

The error can impact any tenant configuration that supports device-based sign in in Android.

Users

The error can impact any user type.

Remediation

General

The issue manifests itself differently on each platform. As such, there is general guidance as well as OEM-specific guidance.

We recommend implementing user guidance when ADAL generates this error. If possible, tailor this guidance to the device being used.

How to handle

Certain OEMs allow end users to limit the operating system's ability to launch secondary apps. Each device may expose a different setting to do this. As a general step for users, ask them to remove the Microsoft Authenticator or Intune Company Portal from these steps, generally inside power/battery saving menus.

Huawei: End users can limit AUTO-START in apps. Verify the Microsoft Authenticator or Intune Company Portal are not marked as Blocked or Deny.

Huawei Honor: End users experiencing this issue can resolve this by going into their Settings > Battery > Close apps after screen lock (or App launch ; Applications ; Background applications) > Uncheck Microsoft apps, specifically Microsoft Authenticator and Intune Company Portal.

Vivo: End users experiencing issues with Vivo devices may find updating certain settings resolves this issue. Specifically, go into Settings>More Settings>Permission Management> Select the Permission tab > Autostart > Startup > Enable for Intune Company Portal or Microsoft Authenticator.

Additional Resources

If you experience this issue, please raise a GitHub issue describing the conditions that led to the error, device, Android version, and any logs. Below we have outlined temporary workarounds for certain OEMs, and will continue to update this wiki.