When running the Worklight Admin command line tool, version 6.3.0.00.20141127-1357, against a server of the same version, I am receiving an error. This occurs when running the "list apps" command and a few other app-specific queries.
/app/IBM/MobileFirst_Platform_Server/shortcuts/wladm --configfile=/app/IBM/bldsrvwladmconfig.txt
Error accessing
http://localhost:9080/worklightadmin/management-apis/1.0/runtimes/worklight/applications?pageSize=1000000000&locale=en_US:
HTTP/1.1 500 Internal Server Error FWLSE3000E: A server error was
detected. Illegal JSON value for key 'deviceProvisioningRealm': null
Getting the content of the URL directly successfully returns data.
APAR PI33197 references a similar error, but without explanation of the cause or solution.
authenticationConfig.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM 5725-G92 (C) Copyright IBM Corp.
2006, 2013. All Rights Reserved. US Government Users Restricted Rights -
Use, duplication or disclosure restricted by GSA ADP Schedule Contract with
IBM Corp. -->
<staticResources>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<customSecurityTest name="SubscribeServlet">
<test realm="wl_directUpdateRealm" step="1"/>
<test isInternalUserID="true" realm="SubscribeServlet"/>
</customSecurityTest>
<customSecurityTest name="ISAMforWorklight-web-securityTest">
<test realm="wl_antiXSRFRealm" />
<test realm="WASLTPARealm" isInternalUserID="true" step="1"/>
</customSecurityTest>
<customSecurityTest name="ISAMforWorklight-Step-up-securityTest">
<test realm="wl_directUpdateRealm" step="1"/>
<test isInternalDeviceID="false" isInternalUserID="true" realm="WASLTPARealm"/>
</customSecurityTest>
</securityTests>
<realms>
<realm loginModule="WASLTPAModule" name="WASLTPARealm">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm>
<realm loginModule="rejectAll" name="SubscribeServlet">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<realm name="WorklightConsole" loginModule="requireLogin">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
<onLoginUrl>/console</onLoginUrl>
</realm>
<realm name="deviceProvisioningRealm" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
</realms>
<loginModules>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule>
</loginModules>
</tns:loginConfiguration>
This APAR has been fixed in version 6.3.0.00.20150305-1844. Please download the latest fix available at Fix Central. Our fixes are cumulative so the latest fix will include the fix for this APAR.
Hi, I am trying to connect to the production server and do app authenticity (native Android app), but I am getting the following error: "App authenticity security check failed".
What I am doing at MFP project level.
In authconfig xml.
<customSecurityTest name="AuthSecurityTest">
<test realm="wl_antiXSRFRealm" step="1" />
<test realm="wl_authenticityRealm" step="1" />
<test realm="wl_remoteDisableRealm" step="1" />
<test isInternalUserID="true" realm="AuthRealm" step="1" />
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true"
step="2" />
</customSecurityTest>
<realm loginModule="AuthLoginModule" name="AuthRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="AuthAdapter.onAuthRequired" />
<parameter name="logout-function" value="AuthAdapter.onLogout" />
</realm>
<loginModule name="AuthLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
My application descriptor :
<nativeAndroidApp xmlns="http://www.worklight.com/native-android-descriptor"
id="MFP_Android"
platformVersion="7.1.0.00.20160401-2103" securityTest="AuthSecurityTest" version="1.0">
<displayName>MFP_Android</displayName>
<description>MFP_Android</description>
<accessTokenExpiration>3600</accessTokenExpiration>
<publicSigningKey>MIIBHSAKJHDFKJHFKHDFKJHDKJHDFSKJHFDSKJHFDSKJDFHKJDFHDFHJDSKDFSHKDJFSHKJFDHSKJDFSHKJDFSHKJDFSHKJDFHSKJDFHlkasalJAscnmxzcncxmnzksjdadskjdsjsdjskjdksjdakjdssdjksdaj</publicSigningKey>
<packageName>com.mfp</packageName>
<targetCategory>UNDEFINED</targetCategory>
<licenseAppType>APPLICATION</licenseAppType>
</nativeAndroidApp>
I am calling the challenge handler on connect.
AndroidChallengeHandler challengeHandler = new AndroidChallengeHandler("AuthRealm");
WLClient client;
client.registerChallengeHandler(challengeHandler);
client.connect();
I am getting the response:
/*-secure- {"reason":"App authenticity security check failed"}*/
Why would I get such a response?
I find it very strange that your package name is really "com.mfp" as seen in the descriptor XML file: <packageName>com.mfp</packageName>.
Are you absolutely sure this is your package name (that you can find in the AndroidManifest.xml file of your Android native project)?
Another possibility is that the key used in the descriptor XML file does not match the key that was used to sign the .apk.
Lastly, this could be due to the steps that you've defined in the Authentication Configuration XML file. Try changing the "wl_remoteDisableRealm" to be "step 2". This change will require you to re-deploy the updated .war file to your application server.
*EDIT: An IBM Employee visited us today to have a look at this problem as well.
We did not solve the problem, but we think the root of the problem is something else. So I will rewrite the problem description.
The server was refusing connection due to the appAuthenticityTest failing. So for now we disabled the appAuthenticityTest to test the server configuration.
But we are now seeing the following errors in the log:
[3/4/16 16:12:06:529 CET] 000000a4 LoginContext E com.worklight.core.auth.impl.LoginContext processRequest FWLSE0059E: Login into realm 'wl_authenticityLoginModule' failed. Missing app authenticity configuration parameters. [project mapruntime]
com.worklight.gadgets.GadgetRuntimeException: Missing app authenticity configuration parameters
at com.worklight.core.auth.ext.appauth.AuthenticityAuthenticatorImpl.processRequest(AuthenticityAuthenticatorImpl.java:82)
at com.worklight.core.auth.ext.AuthenticityAuthenticator.processRequest(AuthenticityAuthenticator.java:79)
at com.worklight.core.auth.impl.LoginContext.processRequest(LoginContext.java:212)
at com.worklight.core.auth.impl.AuthenticationContext.checkAuthentication(AuthenticationContext.java:779)
at com.worklight.core.auth.impl.AuthenticationContext.processRealms(AuthenticationContext.java:679)
at com.worklight.core.auth.impl.AuthenticationContext.pushCurrentResource(AuthenticationContext.java:652)
at com.worklight.core.auth.impl.AuthenticationServiceBean.accessResource(AuthenticationServiceBean.java:81)
at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:228)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at com.worklight.analytics.AnalyticsFilter.doFilter(AnalyticsFilter.java:124)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:967)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1107)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3926)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1007)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:287)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1049)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInboundPostHandshake(SSLConnectionLink.java:717)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyHandshakeCompletedCallback.complete(SSLConnectionLink.java:413)
at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:1073)
at com.ibm.ws.ssl.channel.impl.SSLHandshakeIOCallback.complete(SSLHandshakeIOCallback.java:87)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881)
[3/4/16 16:12:06:537 CET] 000000a4 LoginContext E com.worklight.core.auth.impl.LoginContext processRequest FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule wl_authenticityLoginModule, User Identity Not available. [project mapruntime] [project mapruntime]
My application-descriptor.xml contains:
<android securityTest="MAPCertLogin" version="1.0.4">
<worklightSettings include="false"/>
<pushSender key="**********" senderId="******"/>
<compressWebResources enabled="true"/>
</android>
<common securityTest="MAPCertLogin"/>
My authenticationConfig.xml:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<!---->
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: if using <testAppAuthenticity/> test below ,<publicSigningKey> element must be added to application-descriptor.xml as well. -->
<securityTests>
<mobileSecurityTest name="MAPCertLogin">
<testUser realm="MAPLoginRealm"/>
<testDirectUpdate mode="perRequest"/>
<testDeviceId provisioningType="custom" realm="MAPLoginRealm"/>
<!-- testAppAuthenticity -->
</mobileSecurityTest>
<!--
<customSecurityTest name="PushSecurityTest">
<test isInternalUserID="true" realm="MAPLoginRealm"/>
<test isInternalDeviceID="true" realm="MAPLoginRealm" />
</customSecurityTest>
-->
</securityTests>
<realms>
<realm loginModule="StrongDummy" name="SampleAppRealm">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm loginModule="MAPLoginModule" name="MAPLoginRealm">
<className>com.worklight.core.auth.ext.DeviceAutoProvisioningAuthenticator</className>
<parameter name="validate-csr-function" value="Authenticator.validateCSR"/>
</realm>
</realms>
<loginModules>
<loginModule expirationInSeconds="-1" name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule expirationInSeconds="-1" name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule expirationInSeconds="-1" name="MAPLoginModule">
<className>com.worklight.core.auth.ext.DeviceAutoProvisioningLoginModule</className>
<parameter name="validate-certificate-function" value="Authenticator.validateCertificate"/>
</loginModule>
</loginModules>
</tns:loginConfiguration>
Why do we get the "Missing app authenticity configuration parameters" error while having the appAuthenticityTest disabled?
Regards,
Stijn
I believe this error happens because you are also trying to implement Custom Device Provisioning, however device provisioning requires authenticity... so either fix your authenticity setup per the Application Authenticity tutorial, or remove the device provisioning definition as well.
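A static check for the misconfigurations raised in the answers above, as an added example that is not code from the original posts or from IBM: it cross-references an authenticationConfig.xml with an application descriptor. The `lint` function, the `<application>` wrapper in the sample, the `auto` provisioning value and the convention that `wl_` realms are built in are assumptions; the provisioning rule is the one stated in the answer above.

```python
import xml.etree.ElementTree as ET

TEST_TAGS = {"customSecurityTest", "mobileSecurityTest", "webSecurityTest"}

def local(el):
    """Tag name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]

def lint(auth_xml, descriptor_xml):
    """Return findings for one authenticationConfig.xml / descriptor pair."""
    auth, desc = ET.fromstring(auth_xml), ET.fromstring(descriptor_xml)
    realms = {r.get("name"): r.get("loginModule")
              for r in auth.iter() if local(r) == "realm"}
    modules = {m.get("name") for m in auth.iter() if local(m) == "loginModule"}
    tests = {t.get("name"): t for t in auth.iter() if local(t) in TEST_TAGS}
    has_key = any(local(e) == "publicSigningKey" and (e.text or "").strip()
                  for e in desc.iter())
    findings = []
    for name, module in realms.items():
        if module not in modules:
            findings.append(f"realm {name}: loginModule {module} is not defined")
    for ref in sorted({e.get("securityTest") for e in desc.iter()} - {None}):
        test = tests.get(ref)
        if test is None:
            findings.append(f"descriptor: securityTest {ref} is not defined")
            continue
        steps = list(test)  # XML comments are dropped by the parser
        used = {s.get("realm") for s in steps} - {None}
        # Assumption: realms prefixed wl_ are built in and need no <realm> entry.
        for realm in sorted(used):
            if not realm.startswith("wl_") and realm not in realms:
                findings.append(f"{ref}: realm {realm} is not defined")
        kinds = {local(s) for s in steps}
        authenticity = "wl_authenticityRealm" in used or "testAppAuthenticity" in kinds
        if authenticity and not has_key:
            findings.append(f"{ref}: authenticity is tested but descriptor has no publicSigningKey")
        # Rule taken from the answer above: device provisioning needs authenticity.
        provisioning = any(local(s) == "testDeviceId"
                           and s.get("provisioningType") in ("auto", "custom")
                           for s in steps)
        if provisioning and not authenticity:
            findings.append(f"{ref}: device provisioning without an authenticity test")
    return findings

# Constructed sample, trimmed from the configuration quoted in the question above.
SAMPLE_AUTH = """
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config">
  <securityTests>
    <mobileSecurityTest name="MAPCertLogin">
      <testUser realm="MAPLoginRealm"/>
      <testDeviceId provisioningType="custom" realm="MAPLoginRealm"/>
      <!-- testAppAuthenticity -->
    </mobileSecurityTest>
  </securityTests>
  <realms><realm loginModule="MAPLoginModule" name="MAPLoginRealm"/></realms>
  <loginModules><loginModule name="MAPLoginModule"/></loginModules>
</tns:loginConfiguration>"""
SAMPLE_DESCRIPTOR = '<application><android securityTest="MAPCertLogin"/></application>'

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_AUTH, SAMPLE_DESCRIPTOR)))
```
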
I am using TestNG + WebDriver for my automation project, but the order of test execution is not working as expected. I have specified the order for each method; below is the method signature and notation:
@Test(dependsOnMethods = "verifyElementsOnProfileScreen", alwaysRun = true)
public void verifyMySelfProfileVisibility(){
The test suite I am using:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd">
<suite name="regressionSuite" parallel="none">
<parameter name="ApplicationOpt" value="web"></parameter>
<parameter name="Browser" value="firefox"></parameter>
<test name="Test">
<classes>
<!-- Login Module -->
<class name="Tests.Login.LoginApp">
<methods>
<include name="loginUser"></include>
</methods>
</class>
<!-- Portal Module -->
<class name="Tests.Profile.ProfileModule">
<methods>
<include name="verifyElementsOnProfileScreen"></include>
<include name="verifyMySelfProfileVisibility"></include>
</methods>
</class>
<class name="Tests.Profile.participantAuditLog">
<methods>
<include name="verifyAuditLogForCreateProfileEvent"></include>
<include name="verifyAuditLogForUpdateContactInfoEvnet"></include>
<include name="verifyAuditLogForUpdatePrivacyDirective"></include>
</methods>
</class>
</classes>
</test> <!-- Test -->
</suite> <!-- regressionSuite -->
Do you mean that the classes specified in the testng.xml file are not executing in the specified order? Then please use preserve-order="true":
<suite name="MySuite" preserve-order= "true">
<test name="MyTest">
If you want to specify the order of method execution in a class, then use priority:
@Test(priority = 1)
group-by-instances="true" is also useful if you face a situation where the execution order of priority methods of different classes is not as expected:
<suite thread-count="2" verbose="10" name="testSuite" parallel="tests">
<test verbose="2" name="MytestCase" group-by-instances="true">
Thank You,
Murali
Getting an error alert after direct update succeeds and the app tries to reload the application.
Server version: 7.0.0.00.20151020-1831
Project WAR version: 7.0.0.00.20151020-1831
Adapter name: WLClientLogReceiver. Version: 7.0.0.00.20151020-1831
Server authenticationConfiguration setting
<customSecurityTest name="CustomAppAuthenticitySecurity">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
Client error log: same error message on Android and iOS while the app tries to reload after direct update.
2015-11-04 16:49:12.589 Direct[12642:47638] [TRACE] [WLNativeXHR] callback {"statusText":"Expected status code in (200-299), got 403","status":403,"headers":{"Pragma":"no-cache","X-Powered-By":"Servlet/3.0","Keep-Alive":"timeout=10, max=100","Connection":"Keep-Alive","Content-Type":"application/json; charset=UTF-8","P3P":"policyref=\"/w3c/p3p.xml\", CP=\"CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE\"","Date":"Wed, 04 Nov 2015 21:49:35 GMT","Content-Language":"en-US","Content-Length":"119","Cache-Control":"no-cache, no-store, must-revalidate","Expires":"Thu, 01 Jan 1970 00:00:00 GMT"},"responseText":"/-secure-\n{\"WL-Authentication-Failure\":{\"wl_authenticityRealm\":{\"reason\":\"App authenticity security check failed\"}}}/","wlFailureStatus":"","callbackId":"WLNativeXHRPlugin119420831"}
As mentioned in the comments, this question is tracked as PMR #08772,L6Q,000 as there seems to be no workaround for the error (authenticity failure after Direct Update), other than disabling authenticity...
Trying to set up security on a 6.1 Worklight server (Full WAS 8.5.5)
Getting error:
SRVE0232E: Internal Server Error.
Exception Message: [com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm.]
com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm.
IBM WebSphere Application Server
I have edited the following files before deploying the new WAR file...
worklight.properties:
#######################################################################################################################
# Protecting the Worklight Console
#######################################################################################################################
# You can protect the Worklight Console by defining user credentials required to access it.
# In addition to defining these two properties, you should also configure the authenticationConfig.xml file,
# located under <Worklight Root Directory>\server\conf.
console.username=consoleadmin
console.password=consolepassword
authenticationConfig.xml:
<!-- Uncomment the next element to protect the worklight console and the first section in securityTests below. -->
<staticResources>
<resource id="worklightConsole" securityTest="WorklightConsole">
<urlPatterns>/console*</urlPatterns>
</resource>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: if using <testAppAuthenticity/> test below ,<publicSigningKey> element must be added to application-descriptor.xml as well. -->
<securityTests>
<customSecurityTest name="WorklightConsole">
<test realm="WorklightConsole" isInternalUserID="true"/>
</customSecurityTest>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
Looks to be related to the following questions:
SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user
https://www.ibm.com/developerworks/community/forums/html/topic?id=3ea7b2ae-b9f2-422d-8739-433fa01a190d