I am using Worklight 6.2 consumer edition. When I deploy my app, following warning flashes on server console:
[WARNING ] FWLSE0259W: Application authenticity protection is not being performed within the Worklight Development Server. In order to fully test Application authenticity protection, deploy the application to a non-development Worklight Server (i.e. external Worklight Server). [project MyProject].
I am using Web Sphere Liberty Profile 8.5.5.1 server. Pls advise how to make this warning make go away?
As the message says, if you are trying to test Application Authenticity Protection in Worklight Studio (the Eclipse development environment of Worklight), Authenticity protection is not supposed to work.
To test Application Authenticity in Worklight 6.2, you must deploy Worklight using IBM Installation Manager to your Application Server (WAS, Liberty, Tomcat), as well as your .war, .wlapp, .adapters, etc... and set it up in Worklight Console belonging to this instance of Worklight.
Only then should it work.
Related
I have an IBM mobile first version 7.0 project which developed in Eclipse Luna. Just want to check how to enable the extended application authenticity protection for apk and ipa as mentioned in https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/authentication-security/application-authenticity-protection/#enablingExtendedApplicationAuthenticityProtection?
Thanks
Application authenticity protection is only available in standalone ( production) installs of IBM MobileFirst server. Application authenticity feature is disabled in IBM MFP Studio.
Once you have installed your standalone server, make use of the 'wladm' command to enable extended application authenticity protection.
I have deployed my worklight server 6.1 in WebSphere Application server liberty profile. And i have created the server configuration for application.
Now My console is opening with out login. kindly suggest how to enable login feature for My worklight console.
Make sure your project's .war file contains the configuration for username/password, as detailed in the following documentation topic: https://www.ibm.com/support/knowledgecenter/SSZH4A_6.1.0/com.ibm.worklight.deploy.doc/admin/r_protecting_ibm_worklight_console.html
I am developing a hybrid app in Worklight 6.2. I have a WorkLight Server installed Red Hat Linux 6 base as remote server.
I have give the servers ip address, port number and context root as"/worklight" in the "build settings and deploy target".
Then i added my adapter file and wlapp file into the remote servers "app" folder. I haven't made any changes in the server.xml file.
Now when i call the procedure from my app i am getting "[IPADDRESS:PORT/worklight/apps/services/api/MyApp/ipad/query] failure. state: 404, response: The server was unable to process the request from the application. Please try again later."
What am i missing and What changes do i have to make to make the request to work.?
The steps you are describing are not clear.
Make sure you are following the steps as provided in the IBM Worklight Knowledge Center.
First make sure the Worklight Server deployment to the application server was done correctly
You can verify this then by loading the Worklight Console (there will be no deployed projects)
Then follow the Worklight project (.war, .wlapp, .adapter) deployment to the Worklight Server instructions
You can verify this then by loading the Worklight Console (there will be 1 deployed application)
I have configured and enabled the App Authenticity in my application using custom Security. Added the security test property in my Application discriptor xml file. In my worklight console the respective application gives me the option to enable the App Authenticity.
Now how to test this feature. Fail case senario. How to explicitly fail the client app for app authenticity. My eithcal Hacking team want to perform this testing.
Thanks.
Easiest way to simulate it would be to:
Deploy your application to the server, build the generated project and install it on the device. See that it works.
Depending on the environment, in application-descriptor.xml:
for Android, alter the signing key used and re-deploy to the server
for iOS, alter the bundleId and re-deploy to the server
Re-launch the already install application, it should now fail.
Note:
In Worklight 6.2 application authenticity will only work with an external application server that Worklight Server is deployed to. Otherwise the feature will "always work" when testing in the Worklight Development Server.
In Worklight 6.1 application authenticity will use a "dummy" challenge when used in the Worklight Developer edition; to really test the feature in v6.1, you must use Worklight Studio and Server based on the Consumer or Enterprise editions.
I am running Worklight Studio 6 from Worklight Enterprise Edition download with Eclipse Juno.
My application is using form security with the WASLTPA login module. The application tests correctly.
When I add AppAuthenticity (needed for device provisioning) my client sees the following error in the console. (None in the server log)
Failed to load resource: the server responded with a status of 401 (Unauthorized)
drilling deeper I see:
/*-secure-
{"challenges":{"wl_authenticityRealm":{"WL-Challenge-Data":"o97e2ph8kguqh1vpljbio1o5k3+23.507-9.852-31.807 "}}}*/
I am running this on the Worklight Development Server packaged with Worklight Studio.
You have mentioned both the Enterprise Edition and Developer Edition.
Please clarify your question with the following: You have installed Worklight using the IBM Installation Manager, yes?
You have an application server (Tomcat/WebSphere/Liberty) installed and you've used the supplied Ant scripts to create the Worklight database(s), configure them, deploy the Worklight platform files to the application server, as well as deploy your project's .war file? (and of course the .wlapp /.adapter file(s)...).
If you have done the above, then you will have in your Worklight Server, now installed on the application server, the required components for App Authenticity to work.
Then there is the case of how you actually configured your project for App Authenticity.
Make sure you follow these steps to set up App Authenticity