Initialization failure on MobileFirst Custom Authentication - authentication

When testing my IBM MobileFirst 7.1 Application with a custom Login Module against a server, I am getting the following log:
[6/15/16 13:21:47:785 COT] 000000f3 LoginContext W com.worklight.core.auth.impl.LoginContext invokeLoginModule FWLSE0239W: Authentication failure in realm 'CustomAuthenticatorRealm': com.httpclient.AuthClient (initialization failure) [project MyProject]
I understand that Authentication failure is a very common log. However, I would like to know if anyone knows the meaning of the (initialization failure) part. What could be the problem here?

You didn't really provide anything to base an investigation on, like which device this is (Android or iOS or?), what the app type is (hybrid or native), how you implemented your custom authentication class, and so on...
From what it seems, this specific error may happen when there is a conflict between different HTTP clients. If you are using several, then use only the one bundled by IBM MobileFirst. If you are not, then provide much more information and more complete logs.

Related

DocuSign API integration issue with RESTful Web Services : javax.ws.rs-api-2.0.1.jar

My project is using DocuSign API to post Envelope with the Java client:
docusign-esign-java-3.2.0.jar
It works fine, but the project also needs to use jCloud with another lib dependency:
javax.ws.rs-api-2.0.1.jar
The server (tomcat) gets an exception when calling the JWT authent of DocuSign:
Could not initialize class com.sun.jersey.core.header.MediaTypes
Is it possible to fix this dependency problem without exploring the DocuSign sources?
Welcome to SO.
Depending on the dependency management program you are using, you can print a tree and then investigate if there is any conflict.
For Gradle:
./gradlew app:dependencies
For Maven:
mvn dependency:tree
Also, generally before that message you will see a Java Exception. If you add that or look at it, it may throw more light on the problem.
Best wishes.
Yes, we (DocuSign) have this issue logged as an issue for the SDK and as DocuSign internal ticket DCM-3324.
Please ask your DocuSign representative to add your organization information to DCM-3324 to help raise the priority of the issue. Thank you.

Fusionauth ADFS integration issue

I'm evaluating the FusionAuth server locally on my Windows machine and I'm trying to set up an identity provider to an ADFS server. I have followed the steps as outlined in the docs.
After I log in at the ADFS I get a 405 error at the /samlv2/acs page.
I have enabled the debug flag on the provider. However no events show up in the System -> Event log page. Should I be able to see these events there?
Under logs catalogue I see a "fusionauth-search" file but no "fusionauth-app" log. Is the fusion-app log the correct place to debug this problem? What could be the reason why it is missing?
Thanks
This looks to be a bug in FusionAuth version 1.7.3.
As a workaround, modify your relying party configuration to use /oauth2/callback instead of /samlv2/acs.
This has been resolved in version 1.7.4. Thanks!
https://fusionauth.io/docs/v1/tech/release-notes/

SASL Authentication Exception while connecting to Openfire XMPP on iOS

I'm working on a chat app where we need instant messaging with XMPP.
While logging in to app, I'm able to authenticate user with OpenFire.
But, in OpenFire logs, I see this
org.jivesoftware.openfire.auth.AuthorizationManager - AuthorizationManager: Trying Default Mapping.map(deep)
2015.01.17 12:39:05 org.jivesoftware.openfire.auth.DefaultAuthorizationMapping - DefaultAuthorizationMapping: No realm found
2015.01.17 12:39:05 org.jivesoftware.openfire.auth.AuthorizationManager - AuthorizationManager: Trying Default Policy.authorize(deep , deep)
2015.01.17 12:39:05 org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy - DefaultAuthorizationPolicy: Checking authenID realm
I don't understand what kind of warning this is, but it seems like SASL authentication. In the app, the second time I try connecting XMPP with Openfire, I get this in the Openfire logs:
2015.01.17 12:43:10 org.jivesoftware.openfire.net.SASLAuthentication - SASLAuthentication: SaslException
javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.
at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)
at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:368)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:176)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:181)
Because of these warnings, I'm unable to perform the send friend request functionality of XMPP. I'm totally confused about how to get rid of these warnings.
On Android, we can disable/enable SASLAuthentication. Is there any way to disable it on iOS, or is there any other way to solve these issues? Also, the logged-in user is not showing as online in Openfire. Any help would be appreciated. Thanks.

IBM Worklight v5.0.5 - Encrypted Offline Cache not working in Android or iOS

While debugging, we observe following behavior:
1) When trying to get the encryption key from the server, there is an error on both platforms (iOS and Android):
response [https://xxxx.xxxx.com:443/worklight/apps/services/random]
success: Exception thrown by application class
'com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.checkSecurity():685'
SESN0008E: A user authenticated as anonymous has
attempted to access a session owned by user:NewRealm/CN=test
user,OU=Temporary Users,OU=Acc,DC=xxxx,DC=com.
2) When trying to read a stored value, the error on Android is [Logcat]:
Android Message: Uncaught 9 at
file:///data/data/com.xxxx.xxxxapp/files/www/default/wlclient/js/encryptedcache.js:63
This is where we try to call WL.EncryptedCache.read.
Worklight version used is 5.0.5 Consumer Edition (with Oracle 11i) on
Windows 2008 R2
WebSphere Liberty profile
Worklight server is sitting behind IBM Datapower XI52. All SSL calls to the server are going via DP.
Authenticator - WebSphereFormBasedAuthenticator & LoginModule - WASLTPAModule
The following is not really an answer, since I'm not familiar with authentication (LTPA, FormBasedAuth, Data Power, etc.)... just a couple of comments that could help you debug/isolate the issue.
Looks like a problem with authentication:
A user authenticated as anonymous has attempted to access a session
owned by user:NewRealm/CN=test user,OU=Temporary
Users,OU=Acc,DC=xxxx,DC=com.
Not with the Encrypted Offline Cache (EOC).
EOC will try to get a random token calling the following function:
WL.EncryptedCache.secureRandom(function (data) {
console.log(data);
});
It should output something like this:
response [/apps/services/random] success: 9053bdcfd902aac3dfb59a9874c9cf55223b7d17
9053bdcfd902aac3dfb59a9874c9cf55223b7d17
You can view the function's source code by typing the following in a JS console:
WL.EncryptedCache.secureRandom
If you're using Google Chrome developer tools there's a checkbox for Log XMLHttpRequests when you click on the gear icon > General > Console.
You can also try to request the URL directly. Assuming the host is localhost, port is 10080 and project name is wlproj:
http://localhost:10080/wlproj/apps/services/random
9053bdcfd902aac3dfb59a9874c9cf55223b7d17
You can view HTTP traffic with Wireshark or Charles Proxy.
I imagine this will fix the EOC issue for you, if you don't mind generating the random token locally (less security, AFAIK):
WL.EncryptedCache.secureRandom = function(callback){callback(Math.random()+"")}
For example:
Notice it never goes to the server, everything is done locally.
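An added example, not part of the answer above or of the Worklight client code: a local replacement for WL.EncryptedCache.secureRandom that keeps the callback shape shown above but draws the token from the platform CSPRNG instead of Math.random, returning 40 hex characters like the server response. It assumes the runtime exposes the Web Crypto API; localSecureRandomHex and secureRandomOverride are hypothetical names.

```javascript
// Added example. WL.EncryptedCache.secureRandom and its callback shape come
// from the page; everything else here is illustrative.
// Assumption: the runtime exposes the Web Crypto API (crypto.getRandomValues).
const cryptoObj = globalThis.crypto ||
  (typeof require === 'function' ? require('crypto').webcrypto : undefined);

// Returns `byteLength` random bytes as lowercase hex, drawn from the CSPRNG.
// 20 bytes gives 40 hex characters, the shape of the server response above.
function localSecureRandomHex(byteLength = 20) {
  if (!cryptoObj || typeof cryptoObj.getRandomValues !== 'function') {
    // Fail closed: a key derived from Math.random() output is guessable.
    throw new Error('No CSPRNG available; refusing to fall back to Math.random');
  }
  const bytes = new Uint8Array(byteLength);
  cryptoObj.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Same signature as the override in the answer: callback receives a string.
function secureRandomOverride(callback) {
  callback(localSecureRandomHex(20));
}

// Install only where the Worklight client object exists (hypothetical guard,
// so the snippet can also be loaded outside the app for testing).
if (typeof WL !== 'undefined' && WL.EncryptedCache) {
  WL.EncryptedCache.secureRandom = secureRandomOverride;
}
```
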
A user authenticated as anonymous has attempted to access a session owned by user:NewRealm/CN=test user,OU=Temporary Users,OU=Acc,DC=xxxx,DC=com.
This usually means that there is a conflict: the session sent by the user (the session cookie) belongs to a user (in this case), but the LTPA token sent as a cookie was not sent or was not valid. There could be a few causes of this. The best way is to do a trace between DataPower and the Worklight server to make sure an LTPA token is even being sent to the Worklight server. If it is, verify all of the LTPA requirements are met (synchronized time, same private key on both machines).

Oracle application server HTTP error 401 authorization required axis2

I have a JSP application deployed on OAS server 10.1.2.0.2. The problem I have is that only sometimes the application cannot invoke the web service method. The error I get is:
16:58:52,332 INFO HTTPSender:202 - Unable to sendViaPost to url[http://prodbus.farm.globul.bg:8000/BPACommunicationWS/BPACommunicationWS]
org.apache.axis2.AxisFault: Transport error: 401 Error: Authorization Required
at org.apache.axis2.transport.http.HTTPSender.handleResponse(HTTPSender.java:310)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:200)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:76)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:400)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:225)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:435)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
The problem is fixed after restarting the OC4J instance. Also, the memory allocation is growing a lot.
Does somebody know the reason for this? I used axis version 1.5.1.
Thanks in advance.
The problem was that I use axis2 for a web service with authorization in ClassOne, and in ClassTwo I use axis2 without authorization, and somehow when I make the authorization in ClassOne, axis2 remembers that there is an authorization and does it in ClassTwo.
I also removed the set preemptive flag and everything works fine.