SASL Authentication Exception while connecting to openfire XMPP IOS - openfire

I'm working on a chat app where we need instant messaging with XMPP.
While logging in to the app, I'm able to authenticate the user with Openfire.
But in the Openfire logs, I see this:
org.jivesoftware.openfire.auth.AuthorizationManager - AuthorizationManager: Trying Default Mapping.map(deep)
2015.01.17 12:39:05 org.jivesoftware.openfire.auth.DefaultAuthorizationMapping - DefaultAuthorizationMapping: No realm found
2015.01.17 12:39:05 org.jivesoftware.openfire.auth.AuthorizationManager - AuthorizationManager: Trying Default Policy.authorize(deep , deep)
2015.01.17 12:39:05 org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy - DefaultAuthorizationPolicy: Checking authenID realm
I don't understand what kind of warning this is, but it seems related to SASL authentication. In the app, if I try connecting XMPP with Openfire a second time, I get this in the Openfire logs:
2015.01.17 12:43:10 org.jivesoftware.openfire.net.SASLAuthentication - SASLAuthentication: SaslException
javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.
at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)
at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:368)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:176)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:181)
Because of these warnings, I'm unable to perform the send friend request functionality of XMPP. I'm totally confused about how to get rid of these kinds of warnings.
On Android, we can disable/enable SASLAuthentication. Is there any way to disable it on iOS, or is there any other way to solve these issues? Also, the logged-in user is not showing as online in Openfire. Any help would be appreciated. Thanks.

Related

Initialization failure on MobileFirst Custom Authentication

When testing my IBM MobileFirst 7.1 Application with a custom Login Module against a server, I am getting the following log:
[6/15/16 13:21:47:785 COT] 000000f3 LoginContext W com.worklight.core.auth.impl.LoginContext invokeLoginModule FWLSE0239W: Authentication failure in realm 'CustomAuthenticatorRealm': com.httpclient.AuthClient (initialization failure) [project MyProject]
I understand that Authentication failure is a very common log. However, I would like to know if anyone knows about the meaning of (initialization failure) part. What could be the problem here?
You didn't really provide anything to base an investigation on, like which device this is (Android or iOS or?), what the app type is (hybrid or native), how you implemented your custom authentication class and so on...
From what it seems, this specific error may happen when there is a conflict between different HTTP clients. If you are using several, then use only the one bundled with IBM MobileFirst. If you are not, then provide much more information and more complete logs.

fail to authenticate after deployment

I have a web application using GlassFish and form authentication (j_security_check). All the passwords and usernames are stored in a JavaDB (Derby) database. I was able to log into the system while developing on localhost, and now that I have deployed the app to AWS, whenever I try to log in with a user (I have checked that the user actually exists in the DB), I always get the same error (the one I normally get when entering wrong details), i.e. WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed.
Any ideas what it might be? I don't even know what info to provide since the issue doesn't even throw an exception or something. Thanks.

Automatically relogging in to a realm after connection loss in IBM Worklight

My problem is as follows:
I have an application protected by a mobile security test involving a LDAP server. The corresponding realm is called LDAPrealm. I use the form-based authenticator + custom LDAP login module.
When the connection to the worklight server is lost and then re-established, I see that the current user is not authenticated in the LDAP realm anymore.
What I want is to be able to re-authenticate the user without having him enter credentials again.
However, since the user is still authenticated for other realms included by default in the mobile security test, the worklight server does not challenge the client again for credentials, which is causing j_security_check error when trying to submit credentials.
As a side note those credentials are stored in the encrypted json store for offline authentication and use of the app.
So my question is:
Is it possible to force the server to challenge the client again for this LDAPrealm and use submitLoginForm to re-log in?
More generally, is there a way to clear a user+device from all realms before trying to log in again?
Edit reason: the previous error was caused by a typo.
In the case where the user first logs in online, then loses the connection, then gets the connection again, calling
WL.Client.logout("LDAPRealm",{onSuccess:stealthed_relog});
and calling WL.Client.connect() later in stealthed_relog before sending credentials seems to yield the desired behaviour.
However, when the user logs in offline and then gets a connection, when I try to use WL.Client.connect(), it says another instance of WL.Client.connect has already been called.
Edit: for the offline login case, the application gets challenged automatically shortly after the connected event fires (because of the heartbeat? I do not really know), so you just have to use
login_clientside.submitLoginForm();
to successfully log in again.
If someone has a better way to implement auto-reconnecting in worklight with ldap server, feel free to post it and I'll unaccept my answer.

IBM Worklight v5.0.5 - Encrypted Offline Cache not working in Android or iOS

While debugging, we observe following behavior:
1) When trying to get the encryption key from the server, there is an error on both platforms (iOS and Android):
response [https://xxxx.xxxx.com:443/worklight/apps/services/random]
success: Exception thrown by application class
'com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.checkSecurity():685'
SESN0008E: A user authenticated as anonymous has
attempted to access a session owned by user:NewRealm/CN=test
user,OU=Temporary Users,OU=Acc,DC=xxxx,DC=com.
2) When trying to read a stored value, the error on Android is [Logcat]:
Android Message: Uncaught 9 at
file:///data/data/com.xxxx.xxxxapp/files/www/default/wlclient/js/encryptedcache.js:63
This is where we try to call WL.EncryptedCache.read.
Worklight version used is 5.0.5 Consumer Edition (with Oracle 11i) on
Windows 2008 R2
WebSphere Liberty profile
Worklight server is sitting behind IBM Datapower XI52. All SSL calls to the server are going via DP.
Authenticator - WebSphereFormBasedAuthenticator & LoginModule - WASLTPAModule
The following is not really an answer, since I'm not familiar with authentication (LTPA, FormBasedAuth, Data Power, etc.)... just a couple of comments that could help you debug/isolate the issue.
Looks like a problem with authentication:
A user authenticated as anonymous has attempted to access a session
owned by user:NewRealm/CN=test user,OU=Temporary
Users,OU=Acc,DC=xxxx,DC=com.
Not with the Encrypted Offline Cache (EOC).
EOC will try to get a random token calling the following function:
WL.EncryptedCache.secureRandom(function (data) {
    console.log(data);
});
It should output something like this:
response [/apps/services/random] success: 9053bdcfd902aac3dfb59a9874c9cf55223b7d17
9053bdcfd902aac3dfb59a9874c9cf55223b7d17
You can view the function's source code by typing the following in a JS console:
WL.EncryptedCache.secureRandom
If you're using Google Chrome developer tools there's a checkbox for Log XMLHttpRequests when you click on the gear icon > General > Console.
You can also try to request the URL directly. Assuming the host is localhost, port is 10080 and project name is wlproj:
http://localhost:10080/wlproj/apps/services/random
9053bdcfd902aac3dfb59a9874c9cf55223b7d17
You can view HTTP traffic with Wireshark or Charles Proxy.
I imagine this will fix the EOC issue for you, if you don't mind generating the random token locally (less security, AFAIK):
WL.EncryptedCache.secureRandom = function(callback){callback(Math.random()+"")}
For example:
Notice it never goes to the server, everything is done locally.
A user authenticated as anonymous has attempted to access a session owned by user:NewRealm/CN=test user,OU=Temporary Users,OU=Acc,DC=xxxx,DC=com.
This usually means that there is a conflict: the session sent by the user (the session cookie) belongs to a user (in this case), but the LTPA token sent as a cookie was not sent or was not valid. There could be a few causes of this. The best way is to do a trace between DataPower and the Worklight server to make sure an LTPA token is even being sent to the Worklight server. If it is, verify that all of the LTPA requirements are met (synchronized time, same private key on both machines).
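The workaround above swaps WL.EncryptedCache.secureRandom for Math.random(), which is not a cryptographic generator. The following added example (not from the original thread or from Worklight) keeps the same local, callback-style override but draws the token from the platform CSPRNG; `wl`, `localRandomHex` and `installLocalSecureRandom` are hypothetical names, and the 20-byte length only mirrors the 40-hex-character sample token shown on the page.

```javascript
// Added example: a local secureRandom replacement backed by a CSPRNG.

// Pick the platform CSPRNG: Web Crypto in a WebView/browser or recent Node,
// falling back to Node's built-in crypto module on older runtimes.
function getWebCrypto() {
  if (globalThis.crypto && typeof globalThis.crypto.getRandomValues === 'function') {
    return globalThis.crypto;
  }
  if (typeof require === 'function') {
    return require('crypto').webcrypto;
  }
  throw new Error('no cryptographic random source available');
}

// Return nBytes of CSPRNG output as lowercase hex (20 bytes -> 40 hex chars).
function localRandomHex(nBytes = 20) {
  const bytes = new Uint8Array(nBytes);
  getWebCrypto().getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Install on any object that exposes the callback-style secureRandom(callback).
function installLocalSecureRandom(encryptedCache, nBytes = 20) {
  encryptedCache.secureRandom = function (callback) {
    callback(localRandomHex(nBytes));
  };
  return encryptedCache;
}

// The Math.random() form from the page, kept for comparison only.
function weakToken() {
  return Math.random() + '';
}

// Constructed stand-in for WL.EncryptedCache so the block runs outside Worklight.
const wl = { EncryptedCache: {} };
installLocalSecureRandom(wl.EncryptedCache);
wl.EncryptedCache.secureRandom((token) => {
  console.log('CSPRNG token:     ', token);
  console.log('Math.random token:', weakToken());
});
```

Like the original workaround, this never contacts the server; it only changes where the local randomness comes from.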

Domino Server Authentication Error - Weird

We are receiving the following error message when people attempt to log in.
nHTTP: TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw== [173.164.83.101] authentication failure using internet password
Any ideas why this is happening and why it's preventing appropriate logins?
Turns out it was a single sign-on setting problem. We fixed the setting and all is working.
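The value logged in place of a user name in the line quoted above is Base64 that begins with the NTLMSSP signature, so it is an NTLM negotiate message sent by the client rather than a typed name. The following added example (not from the original thread) decodes such tokens when triaging these Domino log lines; the second sample line and all function names are constructed, and the flag names are a subset from the NTLM specification (MS-NLMP).

```javascript
// Added example: classify the token logged where a user name is expected.
// First sample line is the one quoted on the page; the second is constructed.
const SAMPLE_LINES = [
  'nHTTP: TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw== [173.164.83.101] authentication failure using internet password',
  'nHTTP: jdoe [192.0.2.10] authentication failure using internet password',
];

const NTLM_SIGNATURE = Buffer.from('NTLMSSP\0', 'latin1');
const MESSAGE_TYPES = { 1: 'NEGOTIATE', 2: 'CHALLENGE', 3: 'AUTHENTICATE' };
const FLAG_NAMES = [
  [0x00000001, 'NEGOTIATE_UNICODE'],
  [0x00000002, 'NEGOTIATE_OEM'],
  [0x00000004, 'REQUEST_TARGET'],
  [0x00000200, 'NEGOTIATE_NTLM'],
  [0x00008000, 'NEGOTIATE_ALWAYS_SIGN'],
  [0x00080000, 'NEGOTIATE_EXTENDED_SESSIONSECURITY'],
  [0x02000000, 'NEGOTIATE_VERSION'],
  [0x20000000, 'NEGOTIATE_128'],
  [0x80000000, 'NEGOTIATE_56'],
];

// Return null for anything that is not a Base64-encoded NTLMSSP message.
function parseNtlmToken(token) {
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(token)) return null;
  const buf = Buffer.from(token, 'base64');
  if (buf.length < 12 || !buf.subarray(0, 8).equals(NTLM_SIGNATURE)) return null;
  const type = buf.readUInt32LE(8); // message type, little-endian
  const out = { type, typeName: MESSAGE_TYPES[type] || 'UNKNOWN', flags: null, flagNames: [] };
  if (type === 1 && buf.length >= 16) {
    out.flags = buf.readUInt32LE(12); // negotiate flags follow the type field
    out.flagNames = FLAG_NAMES.filter(([bit]) => (out.flags & bit) !== 0).map(([, n]) => n);
  }
  return out;
}

// Pull the "user name" field and client address out of one log line.
function classifyLine(line) {
  const m = /nHTTP: (\S+) \[([^\]]+)\] authentication failure/.exec(line);
  if (!m) return null;
  return { client: m[2], ntlm: parseNtlmToken(m[1]) };
}

for (const line of SAMPLE_LINES) {
  const r = classifyLine(line);
  console.log(r.client, r.ntlm ? `NTLM ${r.ntlm.typeName}: ${r.ntlm.flagNames.join(', ')}` : 'plain user name');
}
```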