I am struggling to get LDAP authentication using OpenDS to work. I am using Worklight Studio 6.2, with Apache DS 2.0 as the LDAP browser.
The project is supposed to call a login page, and then submit the username and password for authentication to ldap.
I get the following error in the firefox console:
POST http://x.x.x.x:10080/LDAPTest/apps/services/j_security_check [HTTP/1.1 200 OK 253ms]
undefined entity j_security_check:134
And in eclipse in the worklight console:
[WARNING ] FWLSE0138W: LdapLoginModule authentication failed. Reason 'javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
[WARNING ] FWLSE0239W: Authentication failure in realm 'LDAPRealm': login fail [project LDAPTest]
I thought that the issue would be either my connection string or my challenge handler. But since the error is "invalid credentials", I suspect it must be my connection string in authenticationConfig.xml.
I have tried several methods including some of the posts here such as :
Worklight LDAP authentication using ApacheDS
Worklight LDAP authentication using ApacheDS 2.0
and others. I followed the IBM LDAP sample to set this up, and I have checked to make sure that I have the same structure.
Any help figuring this out would be much appreciated. Also, if you think I should check my LDAP config, I can post that too; I followed a tutorial from the OpenDS wiki. I was able to connect to it using Apache browser studio and Softerra LDAP Administrator.
My project is as follows:-
index.html:
<!DOCTYPE HTML>
<html>
<head>
<meta charset="UTF-8">
<title>LDAPTest</title>
<meta name="viewport"
content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=0">
<!--
<link rel="shortcut icon" href="images/favicon.png">
<link rel="apple-touch-icon" href="images/apple-touch-icon.png">
-->
<link rel="stylesheet" href="css/main.css">
<script>window.$ = window.jQuery = WLJQ;</script>
</head>
<body style="display: none;">
<div id="header">
<h1>SigmaLDAP Login Module</h1>
</div>
<div id="wrapper">
<div id="AppDiv">
<input type="button" class="appButton"
value="Call protected adapter proc" onclick="getSecretData()" /> <input
type="button" class="appButton" value="Logout"
onclick="WL.Client.logout('LDAPRealm',{onSuccess: WL.Client.reloadApp})" />
<p id="resultDiv"></p>
</div>
<div id="AuthDiv" style="display: none">
<div id="loginForm">
<input type="text" id="usernameInputField"
placeholder="Enter username" /> <br /> <input type="password"
placeholder="Enter password" id="passwordInputField" /> <br /> <input
type="button" class="formButton" id="loginButton" value="Login" />
<input type="button" class="formButton" id="cancelButton"
value="Cancel" />
</div>
</div>
</div>
<script src="js/initOptions.js"></script>
<script src="js/main.js"></script>
<script src="js/messages.js"></script>
<script src="js/LDAPRealmChallenger.js"></script>
</body>
</html>
Main.js
/**
 * Worklight client initialisation hook. This sample leaves it empty: nothing
 * is set up here, and the adapter call is triggered from the button in
 * index.html instead.
 */
function wlCommonInit(){
}
/**
 * Invokes the "getSecretData" procedure of the "LDAPter" adapter.
 *
 * The call takes no parameters and gives up after 2000 ms. Success and
 * failure are both delivered to getSecretData_Callback, so that callback
 * has to cope with a response that carries no invocation result.
 */
function getSecretData() {
  WL.Logger.info('invoking the adpater');

  // One handler for both outcomes, as in the original sample.
  var callOptions = {
    onSuccess: getSecretData_Callback,
    onFailure: getSecretData_Callback,
    timeout: 2000
  };

  WL.Client.invokeProcedure(
    { adapter: "LDAPter", procedure: "getSecretData", parameters: [] },
    callOptions
  );
}
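/**
 * Renders the outcome of the adapter call into #resultDiv.
 *
 * This function is registered for both onSuccess and onFailure, so the
 * response may lack `invocationResult`; that case is rendered as
 * "undefined" instead of throwing.
 *
 * Everything that comes from the server is inserted as a text node. The
 * serialized response can contain markup (for example an HTML login page
 * returned by the server), and concatenating it into a string handed to
 * .html()/.append() would let that markup be parsed into the page.
 *
 * @param {Object} [response] Response object passed by WL.Client.invokeProcedure.
 */
function getSecretData_Callback(response) {
  var resultDiv = $("#resultDiv");
  // Failure responses carry no invocationResult; fall back to an empty object.
  var invocationResult = (response && response.invocationResult) || {};
  var asText = function (value) {
    return document.createTextNode(String(value));
  };

  resultDiv.css("padding", "10px");
  resultDiv.empty();
  // Only the fixed "<hr/>" literal is ever passed to jQuery as markup.
  resultDiv.append(asText(new Date())).append("<hr/>");
  resultDiv.append(asText("Secret data :: " + invocationResult.secretData)).append("<hr/>");
  resultDiv.append(asText("Response :: " + JSON.stringify(response)));
}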
My Challenger.js
// Client-side challenge handler for the "LDAPRealm" realm; the name passed here
// is the realm name used in authenticationConfig.xml (LDAPSecurityTest -> LDAPRealm).
var LDAPRealmChallengeHandler = WL.Client.createChallengeHandler("LDAPRealm");
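/**
 * Decides whether a server response is the realm's login form, i.e. a
 * challenge this handler has to answer.
 *
 * Detection is a substring match on "j_security_check" (the form's action
 * in the server's login page). It is a heuristic: any body containing that
 * string is treated as a challenge.
 *
 * @param {Object} response Response object handed over by the framework.
 * @returns {boolean} true when the body looks like the login form.
 */
LDAPRealmChallengeHandler.isCustomResponse = function (response) {
  if (!response || !response.responseText) {
    WL.Logger.info('failed to authenticate');
    // Without this return the indexOf call below dereferences a missing
    // response/responseText and throws.
    return false;
  }

  if (response.responseText.indexOf("j_security_check") >= 0) {
    // Seeing the login form means the user is NOT authenticated yet; the
    // previous message ("Authenticated") stated the opposite.
    WL.Logger.info("Login form received, authentication required");
    return true;
  }

  return false;
};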
/**
 * Shows the login form in place of the application view when the server
 * challenges the client.
 *
 * @param {Object} response The challenge response (not inspected here).
 */
LDAPRealmChallengeHandler.handleChallenge = function (response) {
  var appView = $('#AppDiv');
  var loginView = $('#AuthDiv');

  appView.hide();
  loginView.show();

  // Start every challenge with an empty password field so a previously
  // typed password does not linger in the DOM.
  $('#passwordInputField').val('');
};
// Login button: post the typed credentials to the form-based authenticator.
// NOTE(review): the password is sent as a plain form parameter, so the
// Worklight server URL should be HTTPS outside a local test setup.
$('#loginButton').bind('click', function () {
  var credentials = {
    j_username : $('#usernameInputField').val(),
    j_password : $('#passwordInputField').val()
  };

  LDAPRealmChallengeHandler.submitLoginForm(
    '/j_security_check',
    { parameters: credentials, headers: {} },
    LDAPRealmChallengeHandler.submitLoginFormCallback
  );
});
// Cancel button: return to the application view and tell the framework the
// challenge was not answered.
$('#cancelButton').bind('click', function () {
  var appView = $('#AppDiv');
  var loginView = $('#AuthDiv');

  appView.show();
  loginView.hide();

  LDAPRealmChallengeHandler.submitFailure();
});
/**
 * Handles the reply to the login form submission.
 *
 * If the reply is the login form again, the challenge is presented once
 * more; anything else is reported to the framework as success. Success is
 * therefore inferred only from the absence of the login form in the body;
 * this is a client-side UI decision, and access to the protected procedure
 * is still decided by the server.
 *
 * @param {Object} response Reply to the j_security_check POST.
 */
LDAPRealmChallengeHandler.submitLoginFormCallback = function (response) {
  if (LDAPRealmChallengeHandler.isCustomResponse(response)) {
    // Login form came back: credentials were rejected, ask again.
    LDAPRealmChallengeHandler.handleChallenge(response);
    return;
  }

  $('#AppDiv').show();
  $('#AuthDiv').hide();
  LDAPRealmChallengeHandler.submitSuccess();
};
My adapter:
the js file
/**
 * Adapter procedure behind the LDAPSecurityTest: logs a message and returns
 * a fixed sample payload.
 *
 * NOTE(review): this runs on the server side of the adapter; confirm that
 * `console` is available there (WL.Logger is what the client code uses).
 *
 * @returns {{secretData: number}} The hard-coded sample value.
 */
function getSecretData() {
  var payload = { secretData: 1234 };
  console.log("getting you secrets mofos");
  return payload;
}
The xml file:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2011, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
-->
<wl:adapter name="LDAPter"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wl="http://www.worklight.com/integration"
xmlns:http="http://www.worklight.com/integration/http">
<displayName>LDAPter</displayName>
<description>LDAPter</description>
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>http</protocol>
<domain>none</domain>
<port>80</port>
</connectionPolicy>
<loadConstraints maxConcurrentConnectionsPerNode="2" />
</connectivity>
<procedure name="getSecretData" securityTest="LDAPSecurityTest" />
</wl:adapter>
The authenticationConfig.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM 5725-I43 (C) Copyright IBM Corp.
2006, 2013. All Rights Reserved. US Government Users Restricted Rights -
Use, duplication or disclosure restricted by GSA ADP Schedule Contract with
IBM Corp. -->
<staticResources>
<!-- <resource id="logUploadServlet" securityTest="LogUploadServlet"> <urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource> -->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests Even if not used there will be some default webSecurityTest
and mobileSecurityTest Attention: If you are adding an app authenticity realm
to a security test, you must also update the application-descriptor.xml.
Please refer to the user documentation on application authenticity for environment
specific guidelines. -->
<securityTests>
<!-- Security test referenced by the adapter procedure getSecretData.
     It lists a single check: the user realm LDAPRealm, whose identity is used as the user ID.
     NOTE(review): the commented-out "customTests" sample in this file also lists
     wl_antiXSRFRealm, wl_remoteDisableRealm and others; confirm whether any of those
     should be part of this test as well. -->
<customSecurityTest name="LDAPSecurityTest">
<test isInternalUserID="true" realm="LDAPRealm" />
</customSecurityTest>
<!-- <mobileSecurityTest name="mobileTests"> <testAppAuthenticity/> <testDeviceId
provisioningType="none" /> <testUser realm="myMobileLoginForm" /> <testDirectUpdate
mode="perSession" /> </mobileSecurityTest> <webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/> </webSecurityTest> <customSecurityTest
name="customTests"> <test realm="wl_antiXSRFRealm" step="1"/> <test realm="wl_authenticityRealm"
step="1"/> <test realm="wl_remoteDisableRealm" step="1"/> <test realm="wl_directUpdateRealm"
mode="perSession" step="1"/> <test realm="wl_anonymousUserRealm" isInternalUserID="true"
step="1"/> <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true"
step="2"/> </customSecurityTest> <customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/> <test realm="LogUploadServlet"
isInternalUserID="true"/> </customSecurityTest> -->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true" />
</customSecurityTest>
</securityTests>
<realms>
<realm loginModule="LDAPLoginModule" name="LDAPRealm">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
<onLoginUrl>/console</onLoginUrl>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy"> <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule"> <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/> <parameter name="error-page"
value="/loginError.html"/> </realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" /> <parameter
name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI"
/> <parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword"
/> </realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/> <parameter name="device-with-malware"
value="block"/> <parameter name="rooted-hiders" value="block"/> <parameter
name="unsecured-wifi" value="alert"/> <parameter name="outdated-configuration"
value="alert"/> </realm -->
</realms>
<loginModules>
<!-- LDAP-backed login module used by LDAPRealm.
     Security: ldapProviderUrl is ldap:// (no TLS) and ldapSecurityAuthentication is "simple",
     so the user's password is sent to the directory in clear text on the bind.
     Use ldaps:// (or otherwise protect the link) anywhere beyond a local test box. -->
<loginModule name="LDAPLoginModule">
<className>com.worklight.core.auth.ext.LdapLoginModule</className>
<!-- NOTE(review): this URL already ends in the base DN dc=sigma,dc=com, and ldapSearchBase
     below repeats the full DN; confirm how the module combines the two. -->
<parameter name="ldapProviderUrl" value="ldap://localhost:389/dc=sigma,dc=com" />
<parameter name="ldapTimeoutMs" value="2000"/>
<parameter name="ldapSecurityAuthentication" value="simple"/>
<parameter name="validationType" value="searchPattern"/>
<!-- DN pattern the module binds with. LDAP result code 49 (Invalid Credentials) means the
     directory rejected this DN/password pair, so check that the user entries really live
     under ou=users and are named by uid. -->
<parameter name="ldapSecurityPrincipalPattern" value="uid={username},ou=users,dc=sigma,dc=com"/>
<!-- NOTE(review): {username} comes from the login form and is substituted into a DN and a
     search filter; confirm the module escapes LDAP special characters in it. -->
<parameter name="ldapSearchFilterPattern" value="(uid={username})"/>
<parameter name="ldapSearchBase" value="ou=users,dc=sigma,dc=com"/>
</loginModule>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin"> <className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule -->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule"> <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule"> <className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
The response from the j_security_check
Request URL: http://x.x.x.x:10080/LDAPTest/apps/services/j_security_check
Request Method: POST
Status Code: HTTP/1.1 200 OK
Request Headers 12:47:00.000
x-wl-app-version: 1.0
x-wl-analytics-tracking-id: a948e425-1ace-a28b-3d27-11bac5ba3de3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Referer: http://10.2.38.14:10080/LDAPTest/apps/services/preview/LDAPTest/common/0/default/index.html
Pragma: no-cache
Host: 10.2.38.14:10080
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 37
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Accept: text/javascript, text/html, application/xml, text/xml, */*
Sent Cookie
WL_PERSISTENT_COOKIE: b24de65a-9c5a-4f58-97d7-348e92c78034
testcookie: oreo
LtpaToken2: rZBXVP4XKLnpvJpLFrp3UArtZGrcsGAXr4jGDTBurns9Ej5Nrx1s4/yWsDJJN6xfWkxWh1/3bBruHvL9twdae1qVcE2/D/0GfMwd1pVLbpowclNLFtqKBonEXxV6TlFIVaKgKz62SHR2to3Az/vbTjF+ZH8V1QnAdGi6dC8mk+wympju0P/4hLKWHseN9Sty2UM94cL2Cd+vcBGhJ5QVF211RIwQTXuGeQl+WMTg6B8Kfjlvly4sanyVr5va2AW38752VNEWtdnsrTHcayO/lAG1SyebFEKtaTVZhOPBkml5m6AojEGlDbcUjjof6e9H
JSESSIONID: 0000QTvrT7OBSgjn7OJG9XPMtIE:b45f2ac7-fb59-4da4-b233-f8bc81b81cf0
Response Headers Δ315ms
X-Powered-By: Servlet/3.0
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Expires: -1
Date: Mon, 10 Nov 2014 11:47:00 GMT
Content-Language: en-US
And the Firefox console also returns "undefined entity" for j_security_check with line number 134, which in the snippet below is the last line before the div.
The code it points to is as follows:
body onload="isPopup(); setFocus();">
<div id="authenticatorLoginFormWrapper">
<h1>IBM</h1>
<h2>IBM Worklight</h2>
<form method="post" action="j_security_check">
<p id="error">Please check the credentials</p>
<label for="j_username">User name:</label>
<input type="text" id="j_username" name="j_username" placeholder="User name" />
<br />
<label for="j_password">Password:</label>
<input type="password" id="j_password" name="j_password" placeholder="Password" />
<br />
<input type="submit" id="login" name="login" value="Log In" />
</form>
<p id="copyright">© 2006, 2012 IBM Corporation. Trademark</p>
</div>
Can you try to eliminate some variables in your setup and, as a first step, check whether your LDAP server is configured properly?
You can use this: https://serverfault.com/questions/514870/how-do-i-authenticate-with-ldap-via-the-command-line
to do a simple connection to your LDAP server using a command-line tool.
I had a similar issue, and a working config in my case was to move from simple to exists check in the authenticationConfig.xml file.
The big leap forward, though, was to stop using uid in the ldapSecurityPrincipalPattern and use cn for the user instead.
I paste the configuration below hoping it's useful for you (please note that in my specific case I set up a test server for the corp.workgroup.com domain):
<loginModules>
<!-- LDAP login module from the answer: validationType "exists" with a cn-based bind DN.
     With "exists" no search filter parameters are configured; the check rests on the bind
     made with ldapSecurityPrincipalPattern.
     Security: ldap:// with "simple" authentication sends the password unencrypted; use
     ldaps:// outside a test server.
     NOTE(review): expirationInSeconds="-1" presumably means the login never expires; confirm
     and pick a finite value for production. -->
<loginModule expirationInSeconds="-1" name="LDAPLoginModule">
<className>com.worklight.core.auth.ext.LdapLoginModule</className>
<parameter name="ldapProviderUrl" value="ldap://yourserver" />
<parameter name="ldapTimeoutMs" value="2000" />
<parameter name="ldapSecurityAuthentication" value="simple" />
<parameter name="validationType" value="exists" />
<parameter name="ldapSecurityPrincipalPattern" value="cn={username},cn=Users,dc=corp,dc=workgroup,dc=com" />
<parameter name="ldapReferral" value="ignore" />
</loginModule>
Related
I have been trying to follow the tutorials on this website:
Tutorials
I have run into trouble trying to set up a simple form based authentication to an adapter procedure.
When I try to push my adapter:
MacBook-Pro-Savid:AuthAdapter bruser$ mfp push
Preparing for push...
Verifying Server Configuration...
Runtime 'HelloWorldPrject' will be used to push the project into.
Pushing to Server...
Deploying
/Users/bruser/javad_test_folder/HelloWorldPrject/bin/AuthAdapter.adapter...
Error: Failed to deploy
/Users/bruser/javad_test_folder/HelloWorldPrject/bin/AuthAdapter.adapter.
Reason: failed to push adapter: Required security test 'AuthSecurity' for
resource proc:AuthAdapter.getSecretData' wasn't found in
authenticationConfig.xml: HTTP 200 - OK.
adapter found here:
/Users/bruser/javad_test_folder/HelloWorldPrject/bin/AuthAdapter.adapter has
been build but deployment failed.
Error: Push has failed here
My /server/conf/authenticationConfig.xml:
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<customSecurityTest name="AuthSecurity">
<test realm="SampleAppRealm" isInternalUserID="true"/>
</customSecurityTest>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="perSession" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
</securityTests>
<realms>
<!-- SampleAppRealm delegates to the StrongDummy login module, which this file maps to
     NonValidatingLoginModule: the submitted username/password are not checked against anything.
     Acceptable for the tutorial flow only; bind a validating login module before this realm
     protects real data. -->
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
<!-- For enabling custom authentication -->
<!-- The className shouldn't be changed, it is part of the framework -->
<!-- <realm name="customAuthRealm" loginModule="customAuthLoginModule">
<className>com.worklight.core.auth.ext.CustomIdentityAuthenticator</className>
<parameter name="providerUrl" value="http://localhost:3000"/>
</realm> -->
</realms>
<loginModules>
<loginModule name="StrongDummy" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin" expirationInSeconds="300">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling custom authentication -->
<!-- The className shouldn't be changed, it is part of the framework -->
<!-- <loginModule name="customAuthLoginModule" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.CustomIdentityLoginModule</className>
</loginModule> -->
</loginModules>
<!--staticResources>
<resource id="mobileFirstConsole" securityTest="SubscribeServlet">
<urlPatterns>/console*</urlPatterns>
</resource>
</staticResources-->
As per this error
Reason: failed to push adapter: Required security test 'AuthSecurity' for
resource proc:AuthAdapter.getSecretData' wasn't found in
authenticationConfig.xml:
It is looking for the 'AuthSecurity' Test which is not found in the authenticationConfig.xml which is part of the runtime WAR that is deployed on the server.
procedure name="getSecretData" securityTest="AuthSecurityTest"
This means you need to extract the WAR from the server and double-check whether the security test in fact exists in its authenticationConfig.xml; based on the exception, it looks like it is not there.
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/authentication-security/form-based-authentication/
I want to disable the automatic updates on MobileFirst 7.0 server for Android application. I have already tried the approach described here:
IBM MobileFirst 7.0 - How to disable auto-update
and here
https://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/admin/c_direct_update_as_security_realm.html?lang=en
, but with no luck.
My original authenticationConfig.xml file looked like this:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: If you are adding an app authenticity realm to a security test,
you must also update the application-descriptor.xml. Please refer to the user documentation
on application authenticity for environment specific guidelines. -->
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="perSession" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
After many trials, I ended with this:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: If you are adding an app authenticity realm to a security test,
you must also update the application-descriptor.xml. Please refer to the user documentation
on application authenticity for environment specific guidelines. -->
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="disabled" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
-->
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<!--
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
<customSecurityTest name="SampleAppRealm">
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="SampleAppRealm" isInternalUserID="true"/>
</customSecurityTest>
<mobileSecurityTest name="mobileTests">
<testDirectUpdate mode="disabled"/>
<testDeviceId provisioningType="none"></testDeviceId>
<testUser realm="wl_anonymousUserRealm"></testUser>
</mobileSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<!-- Despite its name, StrongDummy performs no validation: NonValidatingLoginModule accepts whatever
     credentials the authenticator passes to it. -->
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<!-- NOTE(review): SingleIdentityLoginModule presumably admits one identity configured in the server
     properties; confirm where that identity and its password are stored. -->
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<!-- Judging by the class name, this module rejects every login attempt; verify against the product documentation. -->
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
, but it is not working for me. I am sure that the edited authenticationConfig.xml file is being used (if I make a mistake in it, the server refuses to load it). What am I doing wrong?
You need to add the securityTest attribute to the environment element in application-descriptor.xml.
For example: <android version="1.0" securityTest="name-of-security-test"/>
Learn more about security tests: https://www.ibm.com/developerworks/community/blogs/worklight/entry/understanding_predefined_worklight_authentication_realms_and_security_tests11?lang=en
I made changes to the MobileFirst application and deployed it to the mobile device. On Android it now asks "update for the application is available". How can I disable this?
This is my authenticationConfig.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<!-- Static resource protection: requests matching these URL patterns are subject to the
     SubscribeServlet security test defined in <securityTests>. -->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="disabled" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<!-- This is the only active security test in this file. Every test above it, including the
     testDirectUpdate / wl_directUpdateRealm entries, sits inside one XML comment and has no effect. -->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<!-- Form-based realm backed by StrongDummy (NonValidatingLoginModule): any submitted user name and
     password is accepted. No active security test in this file references it. -->
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<!-- Header-based realm used by the SubscribeServlet security test; wired to the rejectAll login module. -->
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<!-- NonValidatingLoginModule accepts any credentials handed to it; the "Strong" in the name is misleading. -->
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<!-- NOTE(review): presumably restricts login to a single identity configured on the server; confirm. -->
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<!-- Judging by the class name, denies every login attempt; verify against the product documentation. -->
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
You can disable automatic updates (Direct Update) easily. Try it this way:
Mobile security test
If a Direct Update test is not specified in a mobile security test, it is enabled with the default perSession mode. To change the direct update mode to perRequest in a mobile security test, add a direct update test with mode="perRequest" to a mobile security test: <testDirectUpdate mode="perRequest"/>. To disable direct update in a mobile security test, add a direct update test with mode="disabled" to the mobile security test: <testDirectUpdate mode="disabled"/>.
Custom security test
To add a Direct Update test to a custom security test, add the following test to the security test: <test realm="wl_directUpdateRealm"/>. The default mode is perSession. To change the mode, specify a value for the mode attribute: <test realm="wl_directUpdateRealm" mode="perRequest"/>. To disable automatic Direct Update in a custom security test, either set the mode to disabled or do not add a test with a Direct Update realm.
Now rebuild the project and redeploy the .war file (to the local server or the production server), and make sure to use an updated application as well.
more information https://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/admin/c_direct_update_as_security_realm.html?lang=en
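Remove the Direct Update security test from your security tests in authenticationConfig.xml. If you are in a non-development (Studio/CLI) environment, make sure to also rebuild the project and redeploy the .war file, and use an updated application. Keep in mind that with Direct Update disabled, installed clients no longer pick up updated web resources from the server, so fixes to the web code only reach users through a new application build.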
I'm developing a bank app for a company using WL Enterprise Edition, version 6.2.0.1.
I have deployed the WAR file for the application and implemented a securityTest for mobile and web.
Everything works fine on iPhone, Android and mobile web.
However, when I try to connect from BB 10 (Z10 or Q10), I get this error in the server log.
Error log:
LoginContext E com.worklight.core.auth.impl.LoginContext
processRequest FWLSE0117E: Error code: 4, error description:
AUTHENTICATION_ERROR, error message: An error occurred while
performing authentication using loginModule
WLDeviceNoProvisioningLoginModule, User Identity Not available.
[project MobileBanking] [project MobileBanking]
the authenticationConfig.xml is the following
<?xml version="1.0" encoding="UTF-8"?>
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<!-- Requests matching these URL patterns are subject to the SubscribeServlet security test. -->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<!-- Mobile test: device ID without provisioning plus Direct Update per session.
     NOTE(review): there is no <testUser> here, so this test does not name MobileBankingRealm. If mobile
     users are meant to log in, confirm that the adapter procedures are protected by a test that does. -->
<mobileSecurityTest name="MobileBankingTestMobile">
<testDeviceId provisioningType="none" />
<testDirectUpdate mode="perSession" />
</mobileSecurityTest>
<!-- Web test: requires a user identity from MobileBankingRealm (adapter-based authentication). -->
<webSecurityTest name="MobileBankingTest">
<testUser realm="MobileBankingRealm" />
</webSecurityTest>
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<!-- Adapter-based authentication: the server calls the adapter's login-function when authentication is
     required. BankingLoginModule is a NonValidatingLoginModule, so this configuration adds no credential
     check of its own. NOTE(review): all validation therefore has to happen inside MBCAuthenticationAdapter
     before it marks the user as logged in; review that adapter code as the real authentication boundary. -->
<realm loginModule="BankingLoginModule" name="MobileBankingRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="MBCAuthenticationAdapter.onAuthRequired" />
<parameter name="logout-function" value="MBCAuthenticationAdapter.onLogout" />
</realm>
<!-- <realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm> -->
<!-- Header-based realm used by the SubscribeServlet security test; wired to the rejectAll login module. -->
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<!-- NonValidatingLoginModule accepts whatever the authenticator passes in. With AdapterAuthenticator
     that is the usual pairing, but it means the adapter is the only place credentials are checked. -->
<loginModule name="BankingLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<!-- <loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule> -->
<!-- Judging by the class name, denies every login attempt; verify against the product documentation. -->
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
Application-descriptor.xml:
I kept it the same as the original, with no changes.
I changed the BB parameters for testing. Each test was done separately, and the app was deployed to a BB10 device after each change, but it didn't work:
<!-- NOTE(review): as shown, neither environment element carries a securityTest attribute, so no security
     test from authenticationConfig.xml is named for these environments here. -->
<android version="1.0">
<worklightSettings include="true"/>
<security>
<!-- Web resource encryption and checksum verification are both enabled; the listed file extensions
     are excluded from the checksum. -->
<encryptWebResources enabled="true"/>
<testWebResourcesChecksum enabled="true" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
<!-- Empty as shown. NOTE(review): presumably needs a value if Android app authenticity is to be enforced; confirm. -->
<publicSigningKey/>
</security>
</android>
<blackberry10 version="1.0"> </blackberry10>
How can I fix this issue? Does a certificate need to be installed on the WL enterprise server for BB? Is there a fix for the realm issue on BB10?
Thanks
We have solved the issue by raising a PMR with IBM.
They provided us with an update for Eclipse kepler containing the fix for the BB authentication and with 32 extra fixes.
I built a Worklight app with Worklight 6.0.0. It has some HTTP adapters that work fine with my Liberty profile in Eclipse.
Now I want to move this app to a WebSphere 8.0.0.6 environment, but when I did that I received this message in logcat:
info: {"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"ajjqfhmo88gqmm955r2p22vq7j"}}}*/
error: defaultOptions:onFailure Procedure invocation error.
and this is another error:
[Http://190.246.205.5:9081/WorklightPocProj/apps/services/../../invoke] failure. state: 500, response: The server was unable to process the request from the application. Please try again later.
defaultOptions:onFailure The server was unable to process the request from the application. Please try again later.
I added a call to a dummy adapter in wlinit and it responds correctly. The error shown above happens right after I call this method:
handler.submitAdapterAuthentication(invocationData, {});
So I changed worklight.properties and rebuilt the .war. Then I deployed that .war on WAS and installed the all.wlapp and all the .adapter files.
I can see all the files deployed in my Worklight console, and my Android app connects to the Worklight server correctly.
In this .war I have another app (a Facebook app) which doesn't have any adapter and works fine.
This is my code realm:
<securityTests>
<!--
<customSecurityTest name="WorklightConsole">
<test realm="WorklightConsole" isInternalUserID="true"/>
</customSecurityTest>
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
<!-- Custom test that requires a user identity from SimpleAuthRealm (adapter-based authentication).
     It lists no other realm, so only this one realm is checked by the test. -->
<customSecurityTest name="SimpleAuthAdapterTest">
<test realm="SimpleAuthRealm" isInternalUserID="true" />
</customSecurityTest>
</securityTests>
<realms>
<!-- Form-based realm backed by StrongDummy (NonValidatingLoginModule): any submitted credentials are accepted. -->
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<!-- Console login realm. The WorklightConsole security test is commented out in <securityTests>, so no
     active test in this file references this realm. -->
<realm name="WorklightConsole" loginModule="requireLogin">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
<onLoginUrl>/console</onLoginUrl>
</realm>
<!-- Adapter-based authentication. SimpleAuthLoginModule is a NonValidatingLoginModule, so the credential
     check lives entirely in SimpleAuthAdapter. NOTE(review): verify that its submitAuthentication procedure
     rejects bad credentials before establishing the user identity. -->
<realm name="SimpleAuthRealm" loginModule="SimpleAuthLoginModule">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="SimpleAuthAdapter.onAuthRequired" />
<parameter name="logout-function" value="SimpleAuthAdapter.onLogout" />
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
</realms>
<loginModules>
<!-- Both modules below are NonValidatingLoginModule: they accept whatever credentials the authenticator
     passes in and add no check of their own. -->
<loginModule name="SimpleAuthLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<!-- NOTE(review): presumably restricts login to a single identity configured on the server; confirm. -->
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<!-- Judging by the class name, denies every login attempt; verify against the product documentation. -->
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
And this is part of my ChallengeHandler code:
// Challenge handler for the "SimpleAuthRealm" realm; the name has to match the realm
// declared in authenticationConfig.xml.
var handler = WL.Client.createChallengeHandler("SimpleAuthRealm");
// Busy indicator instance; assigned inside login().
var busyInd;
/**
 * Reads the credentials from the login form and submits them to the
 * SimpleAuthAdapter "submitAuthentication" procedure through the challenge handler.
 *
 * Side effects: shows a busy indicator over 'content' and copies the entered
 * user name and password into usuario1 / password1.
 */
function login() {
  var indicatorOptions = { text : 'Verificando credenciales...' };
  busyInd = new WL.BusyIndicator('content', indicatorOptions);
  busyInd.show();

  var enteredUser = $('#AuthUsername').val();
  var enteredSecret = $('#AuthPassword').val();

  // NOTE(review): usuario1 and password1 are not declared in this function, so the
  // clear-text password stays reachable from a wider scope after login. Drop the
  // password copy once nothing else reads it.
  usuario1 = enteredUser;
  password1 = enteredSecret;

  // Base64 is an encoding, not encryption: this value exposes the password to anyone
  // who can observe the request, so the connection to the server must be TLS-protected.
  var basicCredentials = "Basic " + Base64.encode(enteredUser + ":" + enteredSecret);

  var authRequest = {
    adapter : "SimpleAuthAdapter",
    procedure : "submitAuthentication",
    parameters : [ basicCredentials, enteredUser ]
  };

  handler.submitAdapterAuthentication(authRequest, {});
}
Is there something that I'm missing or I'm doing wrong?
Solved: this error happened because application security was enabled on the WAS server without any role being set in the web.xml file.