I am developing a hybrid application with IBM MobileFirst Platform Foundation 7.
I am facing an issue with custom direct update, where I have two options: to update now or later. When I choose to update the application, everything is working fine. But when i choose "later", I am unable to login (adapter service unable to communicate with the MobileFirst Server).
wl_directUpdateChallengeHandler.handleDirectUpdate = function(directUpdateData, directUpdateContext) {
// custom WL.SimpleDialog for Direct Update
var customDialogTitle = 'Update Available';
var customDialogMessage = 'Update your application to get new features';
var customButtonText1 = 'Update Application';
var customButtonText2 = 'Not Now';
WL.SimpleDialog.show(customDialogTitle, customDialogMessage,
[{
text : customButtonText1,
handler : function() {
directUpdateContext.start();
}
},
{
text : customButtonText2,
handler : function() {
wl_directUpdateChallengeHandler.submitFailure();
}
}]
);
};
authenticationConfig.xml
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
<customSecurityTest name="AuthSecurityTest">
<test isInternalUserID="true" realm="AuthRealm"/>
</customSecurityTest>
<customSecurityTest name="xssSecurity">
<test realm="wl_antiXSRFRealm" isInternalUserID="true" step="1"/>
</customSecurityTest>
<realm loginModule="AuthLoginModule" name="AuthRealm"> <className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="LoginAdapter.onAuthRequired"/>
<parameter name="logout-function" value="LoginAdapter.onLogout"/>
</realm>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<loginModule name="AuthLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="StrongDummy" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
application-descriptor
<iphone bundleId="" version="1.0">
<worklightSettings include="false"/>
<security>
<encryptWebResources enabled="false"/>
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
</security>
</iphone>
<userIdentityRealms/>
<accessTokenExpiration>3600</accessTokenExpiration>
<android version="1.0">
<worklightSettings include="false"/>
<security>
<encryptWebResources enabled="false"/>
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
<publicSigningKey/>
<packageName/>
</security>
</android>
<ipad bundleId="" version="1.0">
<worklightSettings include="false"/>
<security>
<encryptWebResources enabled="false"/>
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
</security>
</ipad>
<windowsPhone8 version="1.0">
<uuid>dfae1768-838f-4fda-acc8-11b201cae4d0</uuid>
</windowsPhone8>
<mobileWebApp cacheManifest="no-use" securityTest="xssSecurity" xFrameOptions="SAMEORIGIN"/>
<windows8 version="1.0">
<description>windows8 is the identifier Windows 8 Universal desktop/tablet Universal app. Use the Package family name from the package.appxmanifest file as the value for the packageName tag</description>
<uuid>edff315b-76ed-4bdb-b710-f44462081793</uuid>
</windows8>
<windowsphoneuniversal version="1.0">
<description>windowsphoneuniversal is the identifier for Windows Phone Universal. Use the Package family name from the package.appxmanifest file as the value for the packageName tag</description>
<uuid>46bbad67-8f1a-4c5a-8d1a-5400ef36a787</uuid>
</windowsphoneuniversal>
Related
I'm trying to make direct update work on my IBM MobileFirst application, but it works only for Android version.
Here is my conf files.
authenticationConfig.xml
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<staticResources>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<mobileSecurityTest name="mobileWithDirectUpdate">
<testDirectUpdate mode="perSession"/>
</mobileSecurityTest>
<customSecurityTest name="securityCanalLojista">
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_antiXSRFRealm" step="2"/>
<test realm="wl_remoteDisableRealm" step="2"/>
<test isInternalUserID="true" realm="wl_anonymousUserRealm" step="2"/>
<test isInternalDeviceID="true" realm="wl_deviceNoProvisioningRealm" step="2"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1" />
</customSecurityTest>
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
</realms>
<loginModules>
<loginModule name="StrongDummy" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
</loginModules>
</tns:loginConfiguration>
applicationDescriptor.xml
<?xml version='1.0' encoding='utf-8'?>
<application id="br_com_customer_CanalLojista" platformVersion="7.1.0.00.20160229-1240" xmlns="http://www.worklight.com/application-descriptor" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<displayName>CanalLojista</displayName>
<description>A sample Apache Cordova application that responds to the deviceready event.</description>
<author>
<name>IBM MobileFirst Team</name>
<email>mobileb#us.ibm.com</email>
<copyright>Copyright My Company</copyright>
<homepage>https://developer.ibm.com/mobilefirstplatform/documentation/getting-started</homepage>
</author>
<mainFile>index.html</mainFile>
<thumbnailImage>www/img/thumbnail.png</thumbnailImage>
<accessTokenExpiration>3600</accessTokenExpiration>
<userIdentityRealms />
<licenseAppType>APPLICATION</licenseAppType>
<targetCategory>UNDEFINED</targetCategory>
<android version="1.0.0" securityTest="securityCanalLojista">
<worklightSettings include="false" />
<security>
<encryptWebResources enabled="false" />
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3" />
<publicSigningKey>MyPublicKeyuhaush</publicSigningKey>
<packageName>br.com.customer.CanalLojista</packageName>
</security>
</android>
<iphone bundleId="br.com.customer.CanalLojista" applicationId="br_com_customer_CanalLojista" version="1.0.0" securityTest="securityCanalLojista">
<worklightSettings include="false" />
<security>
<encryptWebResources enabled="false" />
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3" />
</security>
</iphone>
</application>
My deployed version is using my securityTest.
On this IBM article Enabling Direct Update Authenticity checks and see something about directUpdateAuthenticityPublicKey tag, but I'm sure if I really need to set it up because it's not necessary to see it working on Android.
Anybody knows what's wrong on my project?
Sorry guys, my configuration is OK, I was changing a code that wasn't necessary to ipad/iphone, that's the reason why it didn't downloading a new version. After change a file that's necessary on ipad it downloaded a new version.
I made changes in the MobileFirst application and deployed on to the mobile device it is asking for "update for the application is available in android" How to disable it.
This is my authenticationConfig.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="disabled" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
Well, you can "disable auto-update" easily. try this way
Mobile security test
If a Direct Update test is not specified in a mobile security test, it is enabled with the default perSession mode. To change the direct update mode to perRequest in a mobile security test, add a direct update test with mode="perRequest" to a mobile security test: <testDirectUpdate mode="perRequest"/>. To disable direct update in a mobile security test, add a direct update test with mode="disabled" to the mobile security test: <testDirectUpdate mode="disabled"/>.
Custom security test
To add a Direct Update test to a custom security test, add the following test to the security test: <test realm="wl_directUpdateRealm"/>. The default mode is perSession. To change the mode, specify a value for the mode attribute: <test realm="wl_directUpdateRealm" mode="perRequest"/>. To disable automatic Direct Update in a custom security test, either set the mode to disabled or do not add a test with a Direct Update realm.
Now ,re-build the project and re-deploy the .war file (local server,production server) as well use an updated application
more information https://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/admin/c_direct_update_as_security_realm.html?lang=en
Remove the Direct Update security test from your security tests in authenticationConfig.xml. If in a non-development (Studio/CLI) environment, make sure to also re-build the project and re-deploy the .war file as well use an updated application.
I'm developing a bank app for a company using WL enterprise edition with version 6.2.0.1,
I have deployed the WAR file for the application and implemented a securityTest for Mobile and Web.
Everything is working fine on iPhone, Android and web mobile.
However, when i try to connect through BB 10 (z10 or Q10) i'm getting this error on the server log.
Error log:
LoginContext E com.worklight.core.auth.impl.LoginContext
processRequest FWLSE0117E: Error code: 4, error description:
AUTHENTICATION_ERROR, error message: An error occurred while
performing authentication using loginModule
WLDeviceNoProvisioningLoginModule, User Identity Not available.
[project MobileBanking] [project MobileBanking]
the authenticationConfig.xml is the following
<?xml version="1.0" encoding="UTF-8"?>
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<mobileSecurityTest name="MobileBankingTestMobile">
<testDeviceId provisioningType="none" />
<testDirectUpdate mode="perSession" />
</mobileSecurityTest>
<webSecurityTest name="MobileBankingTest">
<testUser realm="MobileBankingRealm" />
</webSecurityTest>
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm loginModule="BankingLoginModule" name="MobileBankingRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="MBCAuthenticationAdapter.onAuthRequired" />
<parameter name="logout-function" value="MBCAuthenticationAdapter.onLogout" />
</realm>
<!-- <realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm> -->
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="BankingLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<!-- <loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule> -->
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
Application-descriptor.xml:
I kept it the same with no changes than the original,
I have changed the BB parameters for testing, each test is done separately, and the app is being deployed on BB10 Device for each change, but didn't work:
<android version="1.0">
<worklightSettings include="true"/>
<security>
<encryptWebResources enabled="true"/>
<testWebResourcesChecksum enabled="true" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
<publicSigningKey/>
</security>
</android>
<blackberry10 version="1.0"> </blackberry10>
How can I fix this issue? is there a certification needs to be installed on the WL enterprise server for BB? is there a fix for the realm issue for BB10.?
Thanks
We have solved the issue by raising a PMR with IBM.
They provided us with an update for Eclipse kepler containing the fix for the BB authentication and with 32 extra fixes.
I get this error after deploying a new war through the server configuration tool. I tried to revert back to the original war error persist.
Tomcat 7.0.30
Worklight Server 6.1.0.2
javax.servlet.ServletException: Worklight Console initialization failed.Logged Exception: java.lang.RuntimeException: conf/authenticationConfig.xml contains duplicated realm named: wl_anonymousUserRealm
com.worklight.core.auth.impl.AuthenticationFilter.verifyServletInitialized(AuthenticationFilter.java:317)
com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
The xml is built by default my realm is defined in the context.xml for server.
<!-- Licensed Materials - Property of IBM
5725-G92 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<!-- Uncomment the next element to protect the worklight console and the first section in securityTests below. -->
<staticResources>
<!-- <resource id="worklightConsole" securityTest="WorklightConsole">
<urlPatterns>/console*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*</urlPatterns>
</resource>
</staticResources>
test below , element must be added to application-descriptor.xml as well. -->
<securityTests>
<!--
<customSecurityTest name="WorklightConsole">
<test realm="WorklightConsole" isInternalUserID="true"/>
</customSecurityTest>
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test isInternalUserID="true" realm="SubscribeServlet"/>
</customSecurityTest>
<customSecurityTest name="AgentSecurityTest">
<test isInternalUserID="true" realm="FbitnAgentRealm"/>
</customSecurityTest>
</securityTests>
<realms>
<!--realm name="ConsumerRealm" loginModule="AnonymousLoginModule" >
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="ConsumerPolicy.onAuthRequired"/>
<parameter name="logout-function" value="ConsumerPolicy.onLogout"/>
</realm-->
<realm loginModule="StrongDummy" name="SampleAppRealm">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm loginModule="requireLogin" name="WorklightConsole">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
<onLoginUrl>/console</onLoginUrl>
</realm>
<realm loginModule="rejectAll" name="SubscribeServlet">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<realm name="FbitnAgentRealm" loginModule="FbitnAgentLogin">
<className>com.fbitn.WorklightCustomAuthenticator</className>
</realm>
</realms>
<loginModules>
<loginModule name="FbitnAgentLogin">
<className>com.fbitn.WorklightCustomLogin</className>
</loginModule>
<!--loginModule name="AnonymousLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule-->
<!--loginModule name="HeaderLoginModule" canBeResourceLogin="true" isIdentityAssociationKey="true" audit="true"-->
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
There was two versions on the server. Tomcat/Worklight/app and Tomcat/webapps/app. I'm not sure the the server config tool was used to deploy the first one, but was on the second deploy. I removed the app contents from the Worklight folder and left the original folder under webapps, the server.xml is configured to read both directories, only one is needed.
I found out this was because of the worklight-jee-library.jar was install under the tomcat/lib and in the tomcat/Worklight/app. I believe the one in the lib was placed there by the installation manager when Worklight 6.1 was installed.
I did a worklight app with worklight6.0.0, which has some http adapters that works fine with my liberty profile in eclipse.
now i want to transport this app to a websphere 8.0.0.6 environment, but when i did that i recieve this message in the catlog:
info: {"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"ajjqfhmo88gqmm955r2p22vq7j"}}}*/
error: defaultOptions:onFailure Procedure invocation error.
and this is another error:
[Http://190.246.205.5:9081/WorklightPocProj/apps/services/../../invoke] failure. state: 500, response: The server was unable to process the request from the application. Please try again later.
defaultOptions:onFailure The server was unable to process the request from the application. Please try again later.
I put a call on the wlinit to a dummy adapter and the response is correctly, this error that the app give to me happens just after i call this method:
handler.submitAdapterAuthentication(invocationData, {});
So I've change the worklight.properties and redeploy the .war, then, I've deploy that .war on the WAS and install the all.wlapp and all the .adapter files.
and i can see all the file deployed in my worklight console, and my android app connects to the worklight server correctly
In this .war, i have another app (a facebook app) which doesnt have any adapter and works fine.
This is my code realm:
<securityTests>
<!--
<customSecurityTest name="WorklightConsole">
<test realm="WorklightConsole" isInternalUserID="true"/>
</customSecurityTest>
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
<customSecurityTest name="SimpleAuthAdapterTest">
<test realm="SimpleAuthRealm" isInternalUserID="true" />
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="WorklightConsole" loginModule="requireLogin">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
<onLoginUrl>/console</onLoginUrl>
</realm>
<realm name="SimpleAuthRealm" loginModule="SimpleAuthLoginModule">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="SimpleAuthAdapter.onAuthRequired" />
<parameter name="logout-function" value="SimpleAuthAdapter.onLogout" />
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
</realms>
<loginModules>
<loginModule name="SimpleAuthLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
and this is my a part of my ChallengeHandler code:
var handler = WL.Client.createChallengeHandler("SimpleAuthRealm");
var busyInd;
function login() {
busyInd = new WL.BusyIndicator('content', {
text : 'Verificando credenciales...'
});
busyInd.show();
var username = $('#AuthUsername').val();
var password = $('#AuthPassword').val();
usuario1 = username;
password1 = password;
var invocationData = {
adapter : "SimpleAuthAdapter",
procedure : "submitAuthentication",
parameters : [ "Basic " + Base64.encode(username + ":" + password),
username ]
};
handler.submitAdapterAuthentication(invocationData, {});
};
Is there something that I'm missing or I'm doing wrong?
Solved: this error happens because the application security was enabled on the was server without setting any role on the web.xml file.