How can we change ActiveUser Identity in Mobilefirst 7.1.0 - ibm-mobilefirst

Just after login we call an adapter to set active user identity. This adapter
has the following line of code:
WL.Server.setActiveUser(myrealm, null);
WL.Server.setActiveUser(myrealm,{displayName: param, userId:"abcd",
attributes:{'firstname':"aaaa"}});
var gact = WL.Server.getActiveUser(myrealm);
return gact;
it gives the following error:
[ERROR] FWLSE0243E: Unable to set the active user for realm 'xx'. The
supplied userIdentity is not accepted by the login module.
[ERROR ] FWLSE0035E: Invocation of procedure 'X' failed.
[ERROR ] FWLSE0048E: Unhandled exception caught: SRVE0209E: Writer already obtained
Any advice on how to solve this issue? We want to set a userIdentity until the user is logged in.

Related

AWS Cognito Respond to New_Password_Required challenge returns "Cannot modify an already provided email"

An app that has been working successfully for a couple years has started throwing the following error whenever trying to respond to the NEW_PASSWORD_REQUIRED challenge with AWS Cognito:
{"__type":"NotAuthorizedException","message":"Cannot modify an already provided email"}
I'm sending the below, which all seems to match the docs.
{
    "ChallengeName": "NEW_PASSWORD_REQUIRED",
    "ClientId": <client_id>,
    "ChallengeResponses": {
        "userAttributes.email": "test@example.com",
        "NEW_PASSWORD": "testP@55w0rd",
        "USERNAME": "testfake"
    },
    "Session": <session_id>
}
Nothing has changed on the front end; is there a configuration change we might have done on the Cognito/AWS side that might cause this error?
I started getting the same error recently. I'm following Use case 23 Authenticate a user and set new password for a user. After some investigation, I found that it is the email attribute in userAttributes that's causing completeNewPasswordChallenge to throw the error. The userAttributes I get from authenticateUser used to be an empty object {}, but it now looks like this:
{ email_verified: 'true', email: 'test@example.com' }
I had to delete the email attribute (as well as the email_verified attribute as shown in the example code in Use case 23) before using the userAttribute for a completeNewPasswordChallenge. So my code is now like this:
cognitoUser.authenticateUser(authenticationDetails, {
    ...
    newPasswordRequired: function(userAttributes, requiredAttributes) {
        // the api doesn't accept this field back
        delete userAttributes.email_verified;
        delete userAttributes.email; // <--- add this line
        // store userAttributes on global variable
        sessionUserAttributes = userAttributes;
    }
});
// ... handle new password flow on your app
handleNewPassword(newPassword) {
    cognitoUser.completeNewPasswordChallenge(newPassword, sessionUserAttributes);
}
I guess aws changed their api recently, but I haven't found any doc about this change. Even though the value of the email attribute is the same as the actual email of the user, it throws the Cannot modify an already provided email error if you include it in the request. Deleting it solves the issue.
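The following is an added example, not code from the question, the answer or the AWS SDK. It packages the answer's fix as a helper that builds the attribute map for completeNewPasswordChallenge: attributes Cognito has already provided for this flow (email and email_verified, the two names the thread identifies) are stripped, while any attribute the challenge reports as required is still supplied from values the app collected. The name `prepareNewPasswordAttributes`, the `collected` argument and any attribute names beyond the two from the post are assumptions.

```javascript
// Added example; not code from the question, the answer, or the AWS SDK.
// Builds the attribute map passed to completeNewPasswordChallenge so that
// attributes Cognito has already provided for this flow (email and
// email_verified, per the thread) are not echoed back, while attributes the
// challenge lists as required are still supplied from values the app collected.

// Names Cognito rejected in the thread. Extend the set if your pool returns
// other already-provided attributes (any additions are your own assumption).
const ALREADY_PROVIDED = new Set(['email', 'email_verified']);

// userAttributes / requiredAttributes: the two arguments Cognito passes to the
// newPasswordRequired callback. collected: values the app gathered for the
// required attributes, e.g. from a form. alreadyProvided: optional override set.
function prepareNewPasswordAttributes(userAttributes, requiredAttributes, collected, alreadyProvided) {
  const skip = alreadyProvided || ALREADY_PROVIDED;
  const out = {};
  for (const [name, value] of Object.entries(userAttributes || {})) {
    // Echoing these back is what triggers "Cannot modify an already provided email".
    if (!skip.has(name)) out[name] = value;
  }
  for (const name of requiredAttributes || []) {
    if (out[name] !== undefined) continue;
    const value = (collected || {})[name];
    if (value === undefined) {
      throw new Error('challenge requires attribute "' + name + '" but no value was collected');
    }
    out[name] = value;
  }
  return out;
}

// Usage inside the SDK flow (not executed here; cognitoUser and formValues
// are the app's own objects):
//   newPasswordRequired: function (userAttributes, requiredAttributes) {
//     sessionUserAttributes = prepareNewPasswordAttributes(userAttributes, requiredAttributes, formValues);
//   }
//   ...
//   cognitoUser.completeNewPasswordChallenge(newPassword, sessionUserAttributes);
```

Keeping the skip list in one place means the fix does not have to be copied into every newPasswordRequired callback, and the thrown error surfaces a missing required attribute before the request goes to Cognito rather than as a second opaque NotAuthorizedException.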

MFPPush.registerDevice wrapped by obtainAccessToken failed

I'm trying to run MFP8's push sample app of GitHub. But MFPPush.registerDevice method failed and error message "Failed to register device:" was shown.
function registerDevice() {
    WLAuthorizationManager.obtainAccessToken("push.mobileclient").then(
        MFPPush.registerDevice(
            null,
            function(successResponse) {
                navigator.notification.alert("Successfully registered");
                enableButtons();
            },
            function(failureResponse) {
                navigator.notification.alert("Failed to register");
                console.log("Failed to register device:" +
                    JSON.stringify(failureResponse));
            }
        )
    );
}
I read the MFP8 document and found the note below.
Note: Authenticated notifications are currently not supported in Cordova applications due to a defect. However, a workaround is provided: each MFPPush API call can be wrapped by WLAuthorizationManager.obtainAccessToken("push.mobileclient").then( ... );. The provided sample application uses this workaround.
The sample code is indeed wrapped by WLAuthorizationManager.obtainAccessToken. But I think MFPPush.registerDevice may be called before 'obtainAccessToken' completes, because the return value of the MFPPush.registerDevice call is passed as the Promise.then() parameter instead of a function that calls MFPPush.registerDevice.
So I think the sample should be written as below:
function registerDevice() {
    WLAuthorizationManager.obtainAccessToken("push.mobileclient").then(
        function() {
            MFPPush.registerDevice(
                null,
                function(successResponse) {
                    navigator.notification.alert("Successfully registered");
                    enableButtons();
                },
                function(failureResponse) {
                    navigator.notification.alert("Failed to register");
                    console.log("Failed to register device:" +
                        JSON.stringify(failureResponse));
                }
            );
        }
    );
}
Could anyone give me some advice about that?
Additional information: the following messages were logged in the device log.
Of course, I registered the UserLogin security check on MobileFirst Server, and the UserLogin challenge handler is created in UserLoginChallengeHandler.js
(I have not changed anything except the bundleId.)
2018-02-10 19:42:47.271015+0900 PushNotificationsCordova[1273:1500711] Failed to register device:"Error Domain=com.ibm.mfp.push Code=5 \"Error authenticating client. Error is 'Challenge handler does not exist. There is no registered challenge handler with key UserLogin'.\" UserInfo={networkMetadata={\n \"$bytesSent\" = 120;\n \"$category\" = network;\n \"$outboundTimestamp\" = 1518259366869;\n \"$path\" = \"http://192.168.0.105:9080/mfp/api/preauth/v1/preauthorize\";\n \"$requestMethod\" = POST;\n \"$trackingid\" = \"F8FD4A96-B046-4DAD-87F6-7441E8426C2E\";\n}, NSLocalizedDescription=Error authenticating client. Error is 'Challenge handler does not exist. There is no registered challenge handler with key UserLogin'.}"
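The following is an added example, not code from the post or from the IBM sample. It simulates the two registerDevice() variants in the question with stand-ins for WLAuthorizationManager.obtainAccessToken and MFPPush.registerDevice (both assumptions: they only record the order in which things happen), so the difference between `then(registerDevice(...))` and `then(function () { registerDevice(...); })` can be observed without a MobileFirst server.

```javascript
// Added example; not from the post or the IBM sample. obtainAccessToken and
// registerDevice below are stand-ins (assumptions) that only record events;
// they do not talk to a server.

function makeStubs() {
  const events = [];
  // Stand-in for WLAuthorizationManager.obtainAccessToken: resolves on a
  // later tick, the way a network round trip would.
  function obtainAccessToken(scope) {
    events.push('token:start');
    return new Promise(function (resolve) {
      setTimeout(function () { events.push('token:done'); resolve(scope); }, 0);
    });
  }
  // Stand-in for MFPPush.registerDevice: records the call and reports success.
  function registerDevice(options, onSuccess, onFailure) {
    events.push('registerDevice');
    onSuccess({ ok: true });
  }
  return { events: events, obtainAccessToken: obtainAccessToken, registerDevice: registerDevice };
}

// The sample's form: the argument to then() is evaluated immediately, so
// registerDevice runs before the token promise settles, and then() receives
// undefined (registerDevice returns nothing) as its callback.
function registerEager() {
  const s = makeStubs();
  return s.obtainAccessToken('push.mobileclient')
    .then(s.registerDevice(null,
      function () { s.events.push('success'); },
      function () { s.events.push('failure'); }))
    .then(function () { return s.events; });
}

// The corrected form: registerDevice is called inside the fulfilment callback.
function registerDeferred() {
  const s = makeStubs();
  return s.obtainAccessToken('push.mobileclient')
    .then(function () {
      s.registerDevice(null,
        function () { s.events.push('success'); },
        function () { s.events.push('failure'); });
    })
    .then(function () { return s.events; });
}

// True when registration happened only after the token call completed.
function registeredAfterToken(events) {
  return events.indexOf('registerDevice') > events.indexOf('token:done');
}

// Print both orderings when run directly with node.
registerEager().then(function (e) { console.log('eager:    ' + e.join(' -> ')); });
registerDeferred().then(function (e) { console.log('deferred: ' + e.join(' -> ')); });
```

The eager form records `token:start -> registerDevice -> success -> token:done`, the deferred form `token:start -> token:done -> registerDevice -> success`. The "Challenge handler does not exist" message in the log is a separate matter (no handler registered for the UserLogin key at the time the push registration triggered authentication), so fixing the ordering alone does not guarantee the call succeeds.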

"error trying invoke chaincode. Error: chaincode error (status: 500, message: TypeError: cannot read property 'getFullyQualifiedIdentifier' of null)",

I am getting the error below while following the tutorial here.
https://hyperledger.github.io/composer/unstable/managing/current-participant.html
I have created one Participant and issued an identity to it. But in my transaction processor function, when I verify the participant ID of the current participant by using the getCurrentParticipant function through the REST APIs, I get the error below.
{
    "error": {
        "statusCode": 500,
        "name": "Error",
        "message": "error trying invoke chaincode. Error: chaincode error (status: 500, message: TypeError: cannot read property 'getFullyQualifiedIdentifier' of null)",
        "stack": "Error: error trying invoke chaincode. Error: chaincode error (status: 500, message: TypeError: cannot read property 'getFullyQualifiedIdentifier' of null)\n at _initializeChannel.then.then.then.then.catch (/home/praval/.nvm/versions/node/v6.11.1/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:847:34)"
    }
}
Can anybody explain the reason?
It looks like the mapping from certificate to participant is not in place. The easiest way to test this is to use the composer identity issue command and then use composer network ping -- which will return the current participant. Once that is working then getCurrentParticipant() should work.
https://hyperledger.github.io/composer/managing/identity-issue.html
When you run composer network ping, your participant will try to access the network metadata. The ACL rule below will permit this access. Please ensure that you are using the latest version of the basic-sample-network, which includes this rule.
rule SystemACL {
    description: "System ACL to permit all access"
    participant: "org.hyperledger.composer.system.Participant"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}
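The following is an added example, not from the Composer tutorial or the answer above. It shows the check a transaction processor function can make so that a calling identity with no mapped participant produces a clear error (pointing at the identity-issue step the answer describes) instead of the TypeError in the question. The participant getter is injected so the logic can be exercised outside the Composer runtime; inside chaincode you would pass the global getCurrentParticipant. The helper name, the `expectedFqid` argument and the org.example namespace are assumptions.

```javascript
// Added example; not from the Composer tutorial or the answer. The getter is
// injected so this can run outside the Composer runtime; in chaincode pass
// the global getCurrentParticipant. Names and namespace are assumptions.

// Returns the fully qualified identifier of the participant mapped to the
// calling identity. Throws a descriptive error when no mapping exists (the
// situation behind "cannot read property 'getFullyQualifiedIdentifier' of
// null") and, when expectedFqid is given, when the caller is someone else.
function resolveCurrentParticipant(getCurrentParticipant, expectedFqid) {
  const current = getCurrentParticipant();
  if (!current) {
    throw new Error('No participant is mapped to the calling identity; ' +
      'issue one with `composer identity issue` and confirm with `composer network ping`');
  }
  const fqid = current.getFullyQualifiedIdentifier();
  if (expectedFqid !== undefined && fqid !== expectedFqid) {
    throw new Error('Transaction submitted by ' + fqid + ', expected ' + expectedFqid);
  }
  return fqid;
}

/**
 * Shape of a transaction processor that uses the helper. The transaction
 * type and the `owner` relationship are assumptions about the model file.
 * @param {org.example.SampleTransaction} tx
 * @transaction
 */
function sampleTransaction(tx) {
  // Only the participant referenced by tx.owner may submit this transaction.
  return resolveCurrentParticipant(getCurrentParticipant,
    tx.owner.getFullyQualifiedIdentifier());
}
```

The ACL rule in the answer still has to be in place: the check above only runs once the runtime has accepted the call, and a missing system ACL fails earlier with a different error.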

Facing issues while integrating Mobilefirst CLI 7.1 with ldap

I am using MobileFirst CLI 7.1 and trying to integrate with LDAP.
I am following this document to implement it. I am getting a 401 error (Failed to load resource: the server responded with a status of 401 (Unauthorized)) when loading the application for the first time in the browser, and a 500 error (POST http://localhost:10080/Project/apps/services/j_security_check 500 (Internal Server Error)) when I try to log in. I have uncommented wl.client.connect and gone through the following conversations on Stack Overflow: Link1, link2 and link3.
Server Logs
[ERROR ] SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:BasicRegistry/admin.
[ERROR ] SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:BasicRegistry/admin.
[ERROR ] SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:BasicRegistry/admin.
[ERROR ] SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:BasicRegistry/admin.
What is my scenario?
The user is initially taken to the login page; later, when he clicks on login, I collect the details, automatically set them on the j_security form when the challenge is thrown, and submit. I get a 401 when I open the application and a 500 when I click on login, which calls:
var reqURL = '/j_security_check';
var options = {};
options.parameters = {
    j_username : loginData.email,
    j_password : loginData.password
};
options.headers = {};
ldapRealmChallengeHandler.submitLoginForm(reqURL, options, ldapRealmChallengeHandler.submitLoginFormCallback);
I have the following questions:
1) Is the documentation that I am following complete, or are there additional things that need to be done?
2) What is the cause of being blocked with the above errors?
And here is my code:
var ldapRealmChallengeHandler = WL.Client.createChallengeHandler("LDAPRealm");
ldapRealmChallengeHandler.isCustomResponse = function(response) {
    if (!response || response.responseText === null) {
        return false;
    }
    // The form-login page is the challenge
    var indicatorIdx = response.responseText.search('j_security_check');
    if (indicatorIdx >= 0){
        return true;
    }
    return false;
};
ldapRealmChallengeHandler.handleChallenge = function(response){
    // left empty: the login form is submitted from the login button instead
};
ldapRealmChallengeHandler.submitLoginFormCallback = function(response) {
    var isLoginFormResponse = ldapRealmChallengeHandler.isCustomResponse(response);
    if (isLoginFormResponse){
        ldapRealmChallengeHandler.handleChallenge(response);
    }
    else {
        ldapRealmChallengeHandler.submitSuccess();
    }
};
var logout = function(){
    WL.Client.logout('LDAPRealm',{});
};
I think this might be related to session independence mode, which is turned ON by default as of MFP 7.1. I think this might explain why you are getting the SESN0008E error. Here is a link to an article that explains how to disable session independence.
There is more information on the SESN0008E error here.
Please let me know how you get on.
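The following is an added example, not code from the question or the answer. It is a complete LDAPRealm challenge handler in the same WL.Client shape as the code in the question, with the empty handleChallenge filled in and a stop condition so a rejected login does not re-post the same form indefinitely, plus a small stand-in for WL.Client so the handler's logic can be exercised outside MobileFirst. The realm name and /j_security_check come from the post; `getCredentials`, `fakeWLClient`, `simulateLogin` and the use of the handler's submitFailure method are assumptions (submitFailure is the MFP 7.1 challenge-handler method for reporting a failed challenge; check it against your installed version).

```javascript
// Added example; not from the question or the answer. Realm name and
// /j_security_check are from the post; everything else is an assumption.

// WL: the MobileFirst client object. getCredentials(response): app-supplied
// function returning { username, password } or null when the user gives up.
function createLdapChallengeHandler(WL, getCredentials) {
  var handler = WL.Client.createChallengeHandler('LDAPRealm');

  // The server answered with the form-login page instead of application data.
  handler.isCustomResponse = function (response) {
    return !!(response && typeof response.responseText === 'string' &&
              response.responseText.indexOf('j_security_check') >= 0);
  };

  // Ask the app for credentials and post them to the container's form login.
  // If the app has none to offer (user cancelled, too many failures), report
  // failure instead of re-posting the same form forever.
  handler.handleChallenge = function (response) {
    var creds = getCredentials(response);
    if (!creds) {
      handler.submitFailure('LDAP login cancelled');
      return;
    }
    handler.submitLoginForm('/j_security_check', {
      parameters: { j_username: creds.username, j_password: creds.password },
      headers: {}
    }, handler.submitLoginFormCallback);
  };

  handler.submitLoginFormCallback = function (response) {
    if (handler.isCustomResponse(response)) {
      handler.handleChallenge(response); // the form came back: credentials rejected
    } else {
      handler.submitSuccess();
    }
  };
  return handler;
}

// Stand-in for WL.Client, used only to exercise the handler here. It replays
// the given server responses, one per submitLoginForm call, and records what
// the handler did.
function fakeWLClient(serverResponses) {
  var record = { logins: [], outcome: null };
  var WL = { Client: { createChallengeHandler: function () {
    return {
      submitLoginForm: function (url, options, callback) {
        record.logins.push({ url: url, username: options.parameters.j_username });
        callback(serverResponses.shift());
      },
      submitSuccess: function () { record.outcome = 'success'; },
      submitFailure: function (err) { record.outcome = 'failure:' + err; }
    };
  } } };
  return { WL: WL, record: record };
}

// Drive one login against the stand-in. serverResponses[0] is the initial
// challenge; the rest answer successive form posts. credentialAttempts are
// handed out one per challenge; when exhausted, getCredentials returns null.
function simulateLogin(serverResponses, credentialAttempts) {
  var fake = fakeWLClient(serverResponses.slice(1));
  var handler = createLdapChallengeHandler(fake.WL, function () {
    return credentialAttempts.shift() || null;
  });
  if (handler.isCustomResponse(serverResponses[0])) {
    handler.handleChallenge(serverResponses[0]);
  }
  return fake.record;
}
```

With a wrong password followed by a right one the stand-in records two posts to /j_security_check and a success; with only wrong credentials it ends in a reported failure rather than a loop. The stand-in does not model the Liberty session behaviour behind SESN0008E, which the answer attributes to session independence.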

worklight http adapter authentication issue with apache

I'm working on a mobile proof-of-concept using IBM's Worklight (6.1) to retrieve info via an HTTP server (Apache) running on a mainframe (z/OS). I'm using the HTTP adapter procedure to log on and retrieve data, but so far I have had no success logging on via the Worklight HTTP adapter. If I open a browser and provide the 'user:password' headers, the log-in is successful, but if I try it via the Worklight procedure, the '401 authorization required' error is returned. The HTTP server error log shows:
.. (139)EDC5139I Operation not permitted. (errno2=0x0BE800DB): SAF
authentication failure for "/cgi-bin/itil_v11_main.sh": SAFRunAs
failure on switching SAF UID from Authorization header using
%%CLIENT%% .. user (\xe1\xcb: authentication failure for
"/cgi-bin/itil_v11_main.sh": Password Mismatch
That 'password mismatch' may suggest the 'headers' are not correct? Here's the procedure:
var user_id = 'userid';
var user_psw = 'userpassword';
var loginstring;
var base64 = new com.worklight.customcode.Base64Encoding();
function getITIL() {
    loginstring = base64.encode(user_id + ':' + user_psw);
    var path = '/cgi-bin/itil_v11_main.sh';
    var input = {
        method : 'get',
        headers : {
            'Authorization' : 'Basic ' + loginstring
        },
        returnedContentType : 'html',
        path : path
    };
    return WL.Server.invokeHttp(input);
}
It seems like you've implemented it correctly; however, the complaint is about the password, which in your case originates from var base64 = new com.worklight.customcode.Base64Encoding();.
Because you do not supply the code that you are using in said class, it's difficult to say what the error is, but that is where you should look for the cause of your error.
You'll need to provide the class's implementation in order to debug the question further.
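The following is an added example, not code from the question or the answer. Since the answer points at the custom Base64Encoding class as the place to look, it gives a reference encoder for the Basic credential header and a decoder that checks whether any other encoder's output round-trips to the intended user-id and password. It is written for Node (the Buffer API is the reference); Worklight adapters run under Rhino, so this is a check to run on a workstation, not code for the adapter itself. The credentials are constructed sample values and the function names are assumptions.

```javascript
// Added example; not from the question or the answer. Run under Node as a
// check; the Buffer API is not available inside a Worklight adapter.

// Reference Basic header (RFC 7617): "Basic " + base64(user-id ":" password).
function basicAuthHeader(userId, password) {
  if (userId.indexOf(':') !== -1) {
    throw new Error('user-id may not contain ":" (RFC 7617)');
  }
  return 'Basic ' + Buffer.from(userId + ':' + password, 'utf8').toString('base64');
}

// Decode a Basic header back to its parts, or return null if it is malformed.
// The password may itself contain ":", so split on the first colon only.
function decodeBasicAuthHeader(header) {
  var m = /^Basic\s+([A-Za-z0-9+/]+=*)$/.exec(header || '');
  if (!m) return null;
  var decoded = Buffer.from(m[1], 'base64').toString('utf8');
  var i = decoded.indexOf(':');
  if (i < 0) return null;
  return { userId: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// Given some other encoder (for instance a port of the custom Base64Encoding
// class's encode method), report whether the header it produces decodes to
// the credentials you intended to send and how it differs from the reference.
function checkEncoder(encodeFn, userId, password) {
  var produced = 'Basic ' + encodeFn(userId + ':' + password);
  var expected = basicAuthHeader(userId, password);
  var back = decodeBasicAuthHeader(produced);
  return {
    matches: !!back && back.userId === userId && back.password === password,
    produced: produced,
    expected: expected,
    decoded: back
  };
}

// Constructed sample: a deliberately broken encoder that drops the padding
// and last character, the kind of defect that yields "Password Mismatch"
// on the server while the user-id still looks right.
function brokenEncode(s) {
  return Buffer.from(s, 'utf8').toString('base64').replace(/=+$/, '').slice(0, -1);
}
```

Comparing `produced` with `expected` byte for byte, and looking at `decoded.password`, tells you whether the custom class is mis-encoding the whole string or only its tail; the server's log line quotes the user it decoded, which is the same kind of evidence from the other side.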