FWLSE4007E: Received bad token from client IBM worklight 7.0 and 401 unauthorized on IBM IHS server - ibm-mobilefirst

I have built a hybrid app and deployed it on IBM MobileFirst Server 7.0. The app contains an Android service which used to send data to the backend server. After updating the Android application on production I am getting:
com.worklight.core.auth.ext.DeviceAuthenticator E FWLSE4007E: Received bad token from client. Server token:'ap6oohvlpd3ak1dmfivsqafebp', client token:'9u7ta9r1592qmvphssfclqn2h0'.
Also, if I check the IHS server, I am getting 401 Unauthorized there. I guess it is because of the token which WAS sends to the client, but in this case the token is never going back to the client. I think that is the reason I am getting 401 every time and my data is not going to the back end.
Please help me out to solve my problem.

Related

SMTP error: could not authenticate using SMTP in .NET Core

Credentials were Correct.
5.7.57 SMTP - Client was not authenticated to send mail, 535 5.7.139 Authentication unsuccessful
It returns this error while sending email using SMTP in .NET.
This application is deployed in Azure.
Not sure what is causing the issue; previously it was working, then suddenly it stopped.
Tried with Exchange Server; it throws a 401 Unauthorized error.
That's because .NET SMTP class is old and doesn't support authentication.
Take a look at its cross platform replacement. Microsoft recommends this library.
https://dotnetfoundation.org/projects/mailkit

MobileFirst Login Issue

Do we need to call WL.Client.Login API before submitLoginForm in MobileFirst 7.1.0 while using Formbasedauthentication (LoginModule = LDAP)?
IBM documentation does not mention it, but we found that if we do not call it, MobileFirst Server does not send any challenge. But if we call that before submitLoginForm, we receive all challenge handlers and get authenticated from LDAP.
Please advise.
Yes.
submitLoginForm() is the step where the client-side code (challenge handler) sends the credentials to the server. This is in the case of form-based login.
The challenge will come from the server as a result of the application connecting to the server by:
WL.Client.connect(). In this case, if the application is protected, server throws the challenge.
WL.Client.login(realmName). If this is a custom realm, the server sends a challenge to be handled.
Invoking a protected resource using WLResourceRequest. The server responds with a challenge.
When the user enters wrong credentials to an earlier challenge.
When the challenge comes, you handle it in the challenge handler. The handleChallenge flow in the client ends with the client submitting the credentials in the login form and sending it to the server using the API - submitLoginForm().

Register as client to GCM

I am testing a server that uses Google Cloud Messaging (GCM).
In order to perform the test without an actual device (for a faster way and to actually test only the server side),
I am looking for a way to register as a client WITHOUT a device.
I have from the server the project ID and the sender ID.
But I see that I need an instance ID of the client in order to register to GCM (via https://android.googleapis.com/gcm/send).
Is it possible to generate an instance ID without an actual client?
P.S.
Maybe it will help: I have found this code of an Angular GCM client and a Python GCM client,
but I couldn't find a solution for registration yet.
Thank you
I don't think you can remove the "client app" out of the equation as it is part of the architectural components of GCM:
A GCM implementation includes a Google connection server, an app
server in your environment that interacts with the connection server
via HTTP or XMPP protocol, and a client app.
However if you meant, without a real device, try using the emulator.

Cannot access backend WCF services via a web app using Kerberos Constrained Delegation through Safari

I have a scenario wherein my ASP.NET MVC 3 web application hosted in IIS 7/Windows 2008 is accessing a WCF web service from another server, also hosted in IIS/Windows 2008. KCD is set up between the two servers and I have the necessary SPNs set up as well.
I have confirmed this working in IE. Using NetMon, I have also confirmed that KCD is working at the backend. My web app is running under machine account (network service) and the SPNs are set up accordingly for this machine account. The issue is when I use Safari on both my Windows and Mac OS X (Lion) machine, I am getting a 401 Unauthorized error:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.
Looking at NetMon, it is failing because the request to the WCF web service is falling back to NTLM.
Note that both Windows and Mac machines are part of our domain, and I'm using my same Windows credentials on both machines.
I know that Safari supports Kerberos authentication, but there seems to be an issue when delegating from my web app to the WCF service. Is it an issue with Safari, or with WCF?
Thanks in advance!
Update:
In Safari on Mac, when I first access the web application, I can see in Wireshark and NetMon that there is a valid Kerberos token being passed along the HTTP request (I'm not getting a 401 Unauthorized error). But when my web application tries to access the backend web service, I can see in that particular HTTP request that the token being passed along is now an NTLM token.
I'm using basicHttpBinding with TransportCredentialOnly as the security mode - I also specified in web.config the SPN identity of the backend web service's endpoint (HTTP/FQDN of backend web service server). Windows Auth is of course enabled on both IIS sites with "use kernel mode" turned on, and with useAppPoolCredentials set to true on the appHost.config of both sites. Again this is just for Safari on Mac, Firefox and Chrome are both working fine.
Check in Wireshark whether Safari sends a delegable/forwardable ticket.
Are you able to access the backend service directly? Is credential delegation on, I guess the ticket is not delegable? Safari has to request this. Firefox and IE do. The NTLM token passed is a token from your server. There is no delegation support in NTLM. There is something wrong with the target host.
Looking at the Wireshark traces, it seems that Safari is requesting for a Kerberos ticket that is not forwardable. Due to this flag, the Kerberos ticket is not forwarded / delegated to the next hop, causing the authentication to fall back to NTLM and fail.
Comparing this to the TGS request requested by IE, Firefox and Chrome, they all have a forwardable flag set.
I also tried doing a klist -F in Mac OS X to retrieve tickets that are forwardable, but Safari will still request for a separate ticket that doesn't have the forwardable flag.
Which brings me to a conclusion that Safari on Mac DOES NOT support delegation.

Get clients token or force refresh in GCM server side

I'm doing a small Cordova app for Android that uses the GCM plugin to connect to GCM and receive notifications.
I know the whole working flow of GCM:
Server app starts
Client connects to the server, gets the GCM token and sends it to the server
Server stores the client token
Client disconnects
Server can send push messages to the client using the last token saved
If the client reconnects, check the client token to update it or not on the server
But I have a special-case issue:
Server app starts
Client connects to the server, gets the GCM token and sends it to the server
Client disconnects
Server crashes, losing the client tokens
Server restarts, without client tokens
Server can't send push to the client because it lost the client token; the client is still listening for push but the server can't force it to update.
Does some method exist to allow the server to reset the client token or get the clients connected to a specific GCM app ID? Because if I need to restart the server and don't save the tokens, I don't know if the client is listening or not, and if the client token expires I never know.
Why don't you persist the token into a database? Then you won't lose the tokens if the server crashes.
In addition, you can accomplish refreshing invalid tokens by checking the error response from GCM after sending a message to an invalid token. If you get, for example, Unregistered Device, then all you have to do is to remove that token from your database. See more details here and here
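
The approach in this answer, as an added example that is not part of the original answer: tokens are persisted in SQLite so they survive a restart, and the per-token `results` array of a GCM HTTP send response is used to delete dead tokens (the `NotRegistered` error is the unregistered-device case) and to swap in canonical IDs. The table name, function names and sample response are constructed for illustration.

```python
import json
import sqlite3

# GCM HTTP error codes that mean the token will never be deliverable again.
PERMANENT_ERRORS = {"NotRegistered", "InvalidRegistration"}

# Constructed sample of a GCM HTTP send response for four tokens.
SAMPLE_RESPONSE = """{"success": 2, "failure": 2, "canonical_ids": 1, "results": [
  {"message_id": "1:0001"}, {"error": "NotRegistered"},
  {"message_id": "1:0002", "registration_id": "tok-c2"}, {"error": "Unavailable"}]}"""


def open_store(path=":memory:"):
    """Open the token store; pass a file path so tokens survive a server crash."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS gcm_tokens ("
               " client_id TEXT PRIMARY KEY, token TEXT NOT NULL UNIQUE)")
    return db


def save_token(db, client_id, token):
    """Upsert the token a client reports on connect or after a refresh."""
    with db:
        db.execute("INSERT OR REPLACE INTO gcm_tokens (client_id, token)"
                   " VALUES (?, ?)", (client_id, token))


def reconcile(db, sent_tokens, response_body):
    """Apply a send response; results[i] belongs to sent_tokens[i]."""
    results = json.loads(response_body)["results"]
    if len(results) != len(sent_tokens):
        raise ValueError("result count does not match tokens sent")
    removed, replaced, retry = [], [], []
    with db:  # one transaction: all store changes commit together
        for token, result in zip(sent_tokens, results):
            error = result.get("error")
            if error in PERMANENT_ERRORS:
                db.execute("DELETE FROM gcm_tokens WHERE token = ?", (token,))
                removed.append(token)
            elif error:
                retry.append(token)  # transient (e.g. Unavailable): keep, resend later
            elif "registration_id" in result:
                # Canonical ID returned: the old token is stale, store the new one.
                db.execute("UPDATE OR REPLACE gcm_tokens SET token = ?"
                           " WHERE token = ?", (result["registration_id"], token))
                replaced.append(token)
    return removed, replaced, retry
```

Transient errors are kept for a later resend rather than deleted, so a temporary GCM outage does not wipe valid registrations.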