Direct Update For Windows phone 8 devices is not working while it is working fine with iOS any idea ?
Enviornment : Mobile First 7.1.0
Windows phone 8 Nokia
Application Descriptor Editor->WIndows phone 8 -> Security Test: Default
while App Authenticity Config is set up Basic.Below is authenticationConfig.xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<staticResources>
<resource id="receiveSMS" securityTest="SubscribeServlet">
<urlPatterns>/receiveSMS*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<customSecurityTest name="SubscribeServlet">
<test realm="wl_directUpdateRealm" step="1"/>
<test isInternalUserID="true" realm="SubscribeServlet"/>
</customSecurityTest>
<customSecurityTest name="LDAPSecurityTest">
<test isInternalUserID="true" realm="LDAPRealm"/>
</customSecurityTest>
<customSecurityTest name="winfoneSecurityTest">
<test realm="wl_remoteDisableRealm" step="1"/>
<test mode="perSession" realm="wl_directUpdateRealm" step="1"/>
<test isInternalUserID="true" realm="wl_anonymousUserRealm" step="1"/>
<test isInternalDeviceID="true" realm="wl_deviceNoProvisioningRealm" step="2"/>
</customSecurityTest>
</securityTests>
<realms>
<realm loginModule="rejectAll" name="SubscribeServlet">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
</realms>
<loginModules><!-- cannot share confidential info --></loginModules>
</tns:loginConfiguration>
Related
I'm trying to make direct update work on my IBM MobileFirst application, but it works only for Android version.
Here is my conf files.
authenticationConfig.xml
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<staticResources>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<mobileSecurityTest name="mobileWithDirectUpdate">
<testDirectUpdate mode="perSession"/>
</mobileSecurityTest>
<customSecurityTest name="securityCanalLojista">
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_antiXSRFRealm" step="2"/>
<test realm="wl_remoteDisableRealm" step="2"/>
<test isInternalUserID="true" realm="wl_anonymousUserRealm" step="2"/>
<test isInternalDeviceID="true" realm="wl_deviceNoProvisioningRealm" step="2"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1" />
</customSecurityTest>
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
</realms>
<loginModules>
<loginModule name="StrongDummy" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
</loginModules>
</tns:loginConfiguration>
applicationDescriptor.xml
<?xml version='1.0' encoding='utf-8'?>
<application id="br_com_customer_CanalLojista" platformVersion="7.1.0.00.20160229-1240" xmlns="http://www.worklight.com/application-descriptor" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<displayName>CanalLojista</displayName>
<description>A sample Apache Cordova application that responds to the deviceready event.</description>
<author>
<name>IBM MobileFirst Team</name>
<email>mobileb#us.ibm.com</email>
<copyright>Copyright My Company</copyright>
<homepage>https://developer.ibm.com/mobilefirstplatform/documentation/getting-started</homepage>
</author>
<mainFile>index.html</mainFile>
<thumbnailImage>www/img/thumbnail.png</thumbnailImage>
<accessTokenExpiration>3600</accessTokenExpiration>
<userIdentityRealms />
<licenseAppType>APPLICATION</licenseAppType>
<targetCategory>UNDEFINED</targetCategory>
<android version="1.0.0" securityTest="securityCanalLojista">
<worklightSettings include="false" />
<security>
<encryptWebResources enabled="false" />
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3" />
<publicSigningKey>MyPublicKeyuhaush</publicSigningKey>
<packageName>br.com.customer.CanalLojista</packageName>
</security>
</android>
<iphone bundleId="br.com.customer.CanalLojista" applicationId="br_com_customer_CanalLojista" version="1.0.0" securityTest="securityCanalLojista">
<worklightSettings include="false" />
<security>
<encryptWebResources enabled="false" />
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3" />
</security>
</iphone>
</application>
My deployed version is using my securityTest.
On this IBM article Enabling Direct Update Authenticity checks and see something about directUpdateAuthenticityPublicKey tag, but I'm sure if I really need to set it up because it's not necessary to see it working on Android.
Anybody knows what's wrong on my project?
Sorry guys, my configuration is OK, I was changing a code that wasn't necessary to ipad/iphone, that's the reason why it didn't downloading a new version. After change a file that's necessary on ipad it downloaded a new version.
I want to disable the automatic updates on MobileFirst 7.0 server for Android application. I have already tried the approach described here:
IBM MobileFirst 7.0 - How to disable auto-update
and here
https://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/admin/c_direct_update_as_security_realm.html?lang=en
, but with no luck.
My original authenticationConfig.xml file looked like this:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: If you are adding an app authenticity realm to a security test,
you must also update the application-descriptor.xml. Please refer to the user documentation
on application authenticity for environment specific guidelines. -->
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="perSession" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
After many trials, I ended with this:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: If you are adding an app authenticity realm to a security test,
you must also update the application-descriptor.xml. Please refer to the user documentation
on application authenticity for environment specific guidelines. -->
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="disabled" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
-->
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<!--
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
<customSecurityTest name="SampleAppRealm">
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="SampleAppRealm" isInternalUserID="true"/>
</customSecurityTest>
<mobileSecurityTest name="mobileTests">
<testDirectUpdate mode="disabled"/>
<testDeviceId provisioningType="none"></testDeviceId>
<testUser realm="wl_anonymousUserRealm"></testUser>
</mobileSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
, but it is not working for me. And I am sure that the edited authenticationConfig.xml file is used (if I make mistake in them, server refuses to load it). What am I doing wrong?
You need to add the securityTest attribute to the environment element in application-descriptor.xml.
For example: <android version="1.0" securityTest="name-of-security-test"/>
Learn more about security tests: https://www.ibm.com/developerworks/community/blogs/worklight/entry/understanding_predefined_worklight_authentication_realms_and_security_tests11?lang=en
One of my team member came to me and shown that he has used two security tests with the exactly same names and the Studio is not giving any exception.
MobileFirst v7.0
Eclipse Luna R2 (4.4.2)
Windows 8
Here is the extract.
<securityTests>
<customSecurityTest name="MySecurityTest">
<test realm="wl_antiXSRFRealm" />
<test realm="wl_remoteDisableRealm" />
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="1" />
<test realm="AdapterAuthRealmDuplicate" isInternalUserID="true" step="2" />
</customSecurityTest>
<customSecurityTest name="MySecurityTest">
<test realm="wl_antiXSRFRealm" />
<test realm="wl_remoteDisableRealm" />
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="AdapterAuthRealm" isInternalUserID="true" step="2" />
</customSecurityTest>
</securityTests>
<realms>
<realm loginModule="AdapterAuthLoginModule" name="AdapterAuthRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="Mydapter.onAuthRequired"/>
<parameter name="logout-function" value="Mydapter.onLogout"/>
</realm>
<realm loginModule="AdapterAuthLoginModule" name="AdapterAuthRealmDuplicate">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="Mydapter.onAuthRequired"/>
<parameter name="logout-function" value="Mydapter.onLogout"/>
</realm>
</realms>
My question is:
Is this okay? keeping in mind the future compatibilities ?
If multiples are allowed, then how they work i.e. how the challenge handlers
execution flow (steps) goes.
Does it combine both together ?
I think it should not allow two security tests with same names.
Please help me understand this, otherwise I would change it or keep it.
Note:- I had asked one question and this is different question.
Worklight: multiple security realms
This is not the same as realms. It should not be allowed.
I will open a defect to handle this.
Do not create two custom security checks with the same name value.
I made changes in the MobileFirst application and deployed on to the mobile device it is asking for "update for the application is available in android" How to disable it.
This is my authenticationConfig.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="disabled" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
Well, you can "disable auto-update" easily. try this way
Mobile security test
If a Direct Update test is not specified in a mobile security test, it is enabled with the default perSession mode. To change the direct update mode to perRequest in a mobile security test, add a direct update test with mode="perRequest" to a mobile security test: <testDirectUpdate mode="perRequest"/>. To disable direct update in a mobile security test, add a direct update test with mode="disabled" to the mobile security test: <testDirectUpdate mode="disabled"/>.
Custom security test
To add a Direct Update test to a custom security test, add the following test to the security test: <test realm="wl_directUpdateRealm"/>. The default mode is perSession. To change the mode, specify a value for the mode attribute: <test realm="wl_directUpdateRealm" mode="perRequest"/>. To disable automatic Direct Update in a custom security test, either set the mode to disabled or do not add a test with a Direct Update realm.
Now ,re-build the project and re-deploy the .war file (local server,production server) as well use an updated application
more information https://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/admin/c_direct_update_as_security_realm.html?lang=en
Remove the Direct Update security test from your security tests in authenticationConfig.xml. If in a non-development (Studio/CLI) environment, make sure to also re-build the project and re-deploy the .war file as well use an updated application.
I was reviewing on how to implement the SSO through the following URL:
http://www-01.ibm.com/support/knowledgecenter/#!/SSZH4A_6.2.0/com.ibm.worklight.dev.doc/devref/t_configuring_device_SSO.html
Matching with our code, the authenticationConfig.xml is implemented to be the following:
<customSecurityTest name="BankingTestMobile">
<test realm="wl_antiXSRFRealm" step="2"/>
<test realm="wl_authenticityRealm" step="2"/>
<test realm="wl_remoteDisableRealm" step="2"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="2"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
<test realm="MySSO" isInternalUserID="true" step="3"/>
</customSecurityTest>
Realm:
<realm loginModule="BankingLoginModule" name="BankingRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="MBCAuthenticationAdapter.onAuthRequired" />
<parameter name="logout-function" value="MBCAuthenticationAdapter.onLogout" />
</realm>
Login Module:
<loginModule name="BankingLoginModule" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
My question is in the <customSecurityTest>. From where the SSO realm is getting picked up? What the realm name should be for SSO?
Do I need to define a realm for it?
I'm not sure how the configuration actually should be done on the <customSecurityTest> where in the <mobileSecurityTest> it is clear.
Thank you.
I believe you should change the <test realm="MySSO" ... to "BankingRealm" (or the vice versa).
Also see here: App will throw exception at when I first login when device SSO is enabled