Enabling app authenticity and testing for a tampered case has never been easier. In MFP 8.0 it is very simple to setup and test it. Kudos to the development team.
Having said that when the app authenticity fails, the system shows a standard error message "An error was encountered while processing the request from the application" with a title "Error" Link to the image of the error message
Question: Is there a way to customize this error message. For example it would be nice to inform the customer say "App has been tampered and access to MFP server has been denied. Uninstall and reinstall the app from proper source"
-A
It is currently not possible to alter the authenticity check error message. You are encouraged though to submit requests for enhancements: https://mobilefirstplatform.ibmcloud.com/help/
Related
I have installed maximo-anywhere version 7.6.3. This is just a development environment using the simulator with mobilefirst on eclipse.
I am currently unable to login with the following message. Not authorized when logging into Maximo Anywhere - on other environments I have created I have just given the user the correct security group... however in this scenario even though I have deployed the WorkExecution application and provided the user with the ANYWHERE_TECHNICIAN security group the user is still unable to login.
Any thoughts? Has anyone come across this issue?
Login failure
This issue is related to HTTP/HTTPS. It looks like anywhere is currently unable to go over HTTPS.
The error message was just a rogue message throwing it off.
Thanks
During App Authenticity testing in MobileFirst 8.0, I found a strange behavior in switching between enable and disable of App Authenticity setting on Console, using an (Android) app's debug package and release package:
Followed the instruction of signing the app (release package) with mfp-app-authenticity-tool.jar tool, registered .authenticity_data file via Console, and set Security-Check Configurations of the app to use appAuthenticity setting with Expiration Period value.
(For initial connection) After installing the release version of the app on a device, the app successfully connects to MFF Server and calls an adapter.
(After removing the release version of the app from the same device) Installed debug version of the app on the device, and the app fails to connect to MFF Server, as expected.
Disabled App Authenticity by deleting Authenticity File on Console, the debug version of the app on the device successfully connects to MFF Server and calls an adapter.
"Re-enabled" App Authenticity with same instructions as the first step, but the debug version of the app still can connect to MFF Server and calls an adapter. I understand that there's Maximum Token-Expiration Period and Expiration Period setting, but I set both value to 60 seconds for just testing. (Reinstalling the debug version of the app and testing the action without changing on Server gives an expected behavior - i.e. not able to connect.)
I'm wondering if this is normal behavior of enabling / disabling App Authenticity setting in real-time on Console.. and if the feature is designed for just one set of actions of Enable -> Disable only.
Any thought?
Thanks!
By default, App Authenticity is only being checked during the client registration process. Which means that the next time you connect to the server, it will not be checked.
In order to run App Authenticity on every token request, add appAuthenticity to the Mandatory scope section on your application in the console. Then set the expirationSec to 60 seconds for example.
The tutorial was adjusted to clarify this: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/application-authenticity/#configuring-application-authenticity
Created MFP CF app in Bluemix. Push notification was also working fine with GCM. Today saw a messages that there is an update for MFP in the Bluemix dashboard and clicked "Recreate" button. Server was recreated and all my apps and adapters were gone. Then from my development environment pushed the app and adapters and went to console to configure push notification and add the GCM details. Found an error at the top and now I don't see the text box to add the "Server API Key" and "Sender ID"
Looks like the new update got this issue. Is there a way to fix it or backout and go to the previous version?
Any help would be appreciated.
There is work to assure that such events will not happen, however please note this very important notice about the Mobile Foundation Bluemix service, with the Developer plan:
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/bluemix/using-mobile-foundation/
Note: the Developer plan does not offer a persistent database, as such be sure to backup your configuration as explained in the Troubleshooting section.
Such data loss may occur.
For now you will need to reconfigure your GCM credentials in the console.
Have changed the status of my app to Active notifying in mobilefirst console, and I have tried to send custom notification message to app, but the application on device is not receiving the message sent from mobilefirst console.
In the app, we are using WL.Client.connect, and we are using adapters as well, any suggestions ?
Where can we check whether this feature is disabled in worklight?
Any mobilefirst trace that we can enable to identify the issue?
Kindly suggest.
You cannot disable the feature, it's either used (by setting the app version to Remote Notify) or not used.
The message appears only once during the application lifecycle (unless you send a different message), so make sure you didn't miss it.
Additionally, make sure that in case you have multiple versions of your app, that you are looking at the correct app version that you've sent the message to.
In our ipad application user has to enter his details for registration. After user enter his details we save those details in the Device's keychain. So next time user launched the app user can use the app without registering again. Since we save it in the keychain even the app reinstall by deleting is also works fine.
To write to key chain we use sskeychain class as most developer do. This feature is working properly in devices without any issue.
One of our client use their symantec (unitymobile) mdm to distribute this app to their users. But when user install it through the mdm app gives following error when saving data to the key chain.
"The operation couldn’t be completed. (com.samsoffes.sskeychain error
-34018.)"
Initially we thought this is due to one of the policies they have included. But no luck. Can some one please tell me what has happened here and how to solve this issue.
P.S.
Actually underlying error was this.
(OSStatus error -34018 - client has neither application-identifier nor keychain-access-groups entitlements)