We Keep Coding

Worklight LTPA Authentication with WebSphere - ibm-mobilefirst

Hi I am using worklight 6.1 and WebSphere 8
I am getting following error
[ERROR ] FWLSE0059E: Login into realm 'WASLTPAModule' failed. SRVE0190E: File not found: /login.html. [project Streebo] SRVE0190E: File not found: /login.html [ERROR ] FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule WASLTPAModule, User Identity Not available. [project Streebo] [project Streebo] [WARNING ] SRVE0190E: File not found: /login.html
Here are the things what I did
authenticationConfig.xml
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="WASLTPARealm" />
</mobileSecurityTest>
<!-- For websphere -->
<realm name="WASLTPARealm" loginModule="WASLTPAModule"><className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm>
<!-- For websphere -->
<loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule>
Adapter Entry
WASAuth.xml
<procedure name="getAuth" securityTest="mobileTests"/>
WASAuth-impl.js
function getAuth() {
return {'key1':'authh'};
}
Challenge Handler
var challengeHandler;
challengeHandler = WL.Client.createChallengeHandler('WASLTPARealm');
initOptions.js
connectOnStartup : false,
main.js
function wlCommonInit(){
WL.Client.connect({
onSuccess: onConnectSuccess,
onFailure: onConnectFailure
});
and its going in onSuccess
function onConnectSuccess() {
alert('on connect success in wlCommonInit() in main.js');
var invocationData = {
adapter : 'WASAuth',
procedure : 'getAuth',
parameters : []
};
var options = {
onSuccess : function(res) {
alert('procedure getAuth success with res: '+res);
},
onFailure : function() {
alert('procedure getAuth Failures');
}
};
WL.Client.invokeProcedure(invocationData, options);
};
So its coming in success function and when It calls adapter and following error comes
[ERROR ] FWLSE0059E: Login into realm 'WASLTPAModule' failed. SRVE0190E: File not found: /login.html. [project Streebo]
SRVE0190E: File not found: /login.html
[ERROR ] FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule WASLTPAModule, User Identity Not available. [project Streebo] [project Streebo]
[WARNING ] SRVE0190E: File not found: /login.html
And I already have login.html and loginError.html in root folder of my war and also have login.html in conf
Please guide me to resolve this issue
Appreciate

Please verify you have named the files login.html and loginError.html exactly. Please also verify you have placed these in the root of the war file that you have deployed to your server. You can expand the war file you have deployed to double check. Also make sure your login.html file has valid structure such as the example provided:
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="j_security_check">
<input type="text"
id="j_username"
name="j_username"
placeholder="User name" />
<input type="password"
id="j_password"
name="j_password"
placeholder="Password" />
<input type="submit" id="login" name="login" value="Log In" />
</form>
</body>
</html>
As well as the structure of your loginError.html page:
<html>
<head>
<title>Login Error</title>
</head>
<body>
An error occurred while trying to log in.
</body>
</html>
For more detailed instructions and troubleshooting please look at the following:
LTPA Training Module:
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v610/08_06_WebSphere_LTPA_based_authentication.pdf
LTPA Infocenter Instructions
https://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/index.jsp?topic=%2Fcom.ibm.worklight.deploy.doc%2Fadmin%2Ft_configuring_WL_LTPA_realm.html

For MobileFirst Platform v6.3
\MobileFirstServerConfig\servers\worklight\apps
Find the app that you are trying to test ltpa with.
Assuming the project name is FormBasedAuth. Then the corresponding war file is FormBasedAuth.war
Using WinRAR to open it.
Go to your studio workbench, in your project > expand server > expand conf > copy the login.html into the FormBasedAuth.war that is already opened in WinRAR
you could also create a loginError.html and put that into the FormBaseAuth.war
Make sure that you place FormBaseAuth.war back to \MobileFirstServerConfig\servers\worklight\apps
Now in the studio, server view > Stop the test server. Wait for it to stop.
Start the test server again.
Now when you test, this error will be gone.
Similar procedure for the standalone server, just your war file might be different.

Related

I would need to upload Gziped content to S3 via a signed URL.
Here is how I generate the signed URL with a JS backend:
s3.createPresignedPost({
Bucket: 'name',
Fields: {
key: 'key'
}
})
I have tried passing the Content-Encoding header to the signedURL POST request but that did not work. The headers are not set properly on the s3 object.
I have also tried setting up a post upload lambda to update the metadata. It failed with an error File is identical error
Finally I have tried using cloudfront + a lambda to force a header. This failed too with an error stating that Content-Enconding is a protected error.

--Update Start--
For uploading to S3 via Ajax or JS scripts, I would advise to use s3.getSignedUrl method. s3.createPresignedPost is meant for only direct browser uploads.
Below is example of Ajax jQuery Upload I created using this guide.
s3.getSignedUrl('putObject', {
Bucket: 'bucketName',
Key: 'sample.jpg.gz',
// This must match with your ajax contentType parameter
ContentType: 'binary/octet-stream'
/* then add all the rest of your parameters to AWS puttObect here */
}, function (err, url) {
console.log('The URL is', url);
});
Ajax PUT Script - Take the Url from above function call and use it below.
$.ajax({
type: 'PUT',
url: "https://s3.amazonaws.com/bucketName/sample.jpg.gz?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Content-Type=binary%2Foctet-stream&Expires=1547056786&Signature=KyTXdr8so2C8WUmN0Owk%2FVLw6R0%3D",
//Even thought Content-Encoding header was not specified in signature, it uploads fine.
headers: {
'Content-Encoding': 'gzip'
},
// Content type must much with the parameter you signed your URL with
contentType: 'binary/octet-stream',
// this flag is important, if not set, it will try to send data as a form
processData: false,
// the actual file is sent raw
data: theFormFile
}).success(function () {
alert('File uploaded');
}).error(function () {
alert('File NOT uploaded');
console.log(arguments);
});
In S3 object, you should see Content-Type, Content-Encoding under metadata.
Importent Note
When you try to upload via JS scripts which is running on browsers, typically browsers will tend to send OPTIONS method preflight(or CORS check) first before calling PUT method. You will get 403 Forbidden error for OPTIONS since CORS on S3 bucket doesn't allow that. One way, I resolved is by using following CORS configuration on bucket level. Reference
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
--Update End--
Did you try like this?. I just tested the policy using sample html given in AWS documentation. Reference - https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html
s3.createPresignedPost({
Bucket: 'name',
Conditions: [
{ "Content-Encoding": "gzip" }
],
Fields: {
key: 'key'
}
})
Update -
Here is my observation so far.
We really need to check your client which is doing upload operation. If you want Content-Encoding set on MetaData, then your Pre-Signed Url should have Content-Encoding property set. If Signed Url doesn't have it but your request header does then it will give you Extra input fields: content-encoding.
I have signed a url with Content-Encoding and uploaded a zipped file with following sample html.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<form action="http://bucket-name.s3.amazonaws.com" method="post" enctype="multipart/form-data">
Key to upload:
<input type="input" name="key" value="sample.jpg.gz" /><br />
Content-Encoding:
<input type="input" name="Content-Encoding" value="gzip" /><br />
<input type="text" name="X-Amz-Credential" value="AKIAIOSFODNN7EXAMPLE/20190108/us-east-1/s3/aws4_request" />
<input type="text" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" />
<input type="text" name="X-Amz-Date" value="20190108T220828Z" />
Tags for File:
<input type="hidden" name="Policy" value='bigbase64String' />
<input type="hidden" name="X-Amz-Signature" value="xxxxxxxx" />
File:
<input type="file" name="file" /> <br />
<!-- The elements after this will be ignored -->
<input type="submit" name="submit" value="Upload to Amazon S3" />
</form>
</html>
If I do not send Content-Encoding header it gives the error Policy Condition failed: ["eq", "$Content-Encoding", "gzip"]
Note -
If you are using https while uploading, please make sure you have proper certificate on S3 endpoint otherwise you will get cert errors.
S3 Screenshot.

POC for MobileFirst 8.0 version apps and I created sample apps and maven based adapter. Finally I invoked that adapter index.js file to call the adapter its working fine when I used browser simulator but its not working while I installed android device I got below that error in android LOGCAT,
[ERROR:xwalk_autofill_client.cc(121)] Not implemented reached in virtual void xwalk::XWalkAutofillClient::OnFirstUserGestureObserved()
How to resolve this issue.
please find the implementation below.
adapter
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2011, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
-->
<mfp:adapter name="HttpAdapter"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mfp="http://www.ibm.com/mfp/integration"
xmlns:http="http://www.ibm.com/mfp/integration/http">
<displayName>HttpAdapter</displayName>
<description>HttpAdapter</description>
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>https</protocol>
<domain>mobilefirstplatform.ibmcloud.com</domain>
<port>443</port>
<connectionTimeoutInMilliseconds>30000</connectionTimeoutInMilliseconds>
<socketTimeoutInMilliseconds>30000</socketTimeoutInMilliseconds>
<maxConcurrentConnectionsPerNode>50</maxConcurrentConnectionsPerNode>
</connectionPolicy>
</connectivity>
<procedure name="getFeed" secured="false"/>
<procedure name="unprotected" secured="false"/>
</mfp:adapter>
adapter implementation
function getFeed(tag) {
var input = {
method : 'get',
returnedContentType : 'xml',
path : getPath(tag)
};
return MFP.Server.invokeHttp(input);
}
/**
* Helper function to build the URL path.
*/
function getPath(tag){
if(tag === undefined || tag === ''){
return 'feed.xml';
} else {
return 'blog/atom/' + tag + '.xml';
}
}
/**
* #returns ok
*/
function unprotected(param) {
return {result : "Hello from unprotected resource"};
}
apps implementation
function myFunction(){
console.log('==================== inside calling ==================');
var resourceRequest = new WLResourceRequest(
"/adapters/HttpAdapter/getFeed",
WLResourceRequest.GET,3000
);
resourceRequest.setQueryParameter("params", "['']");
resourceRequest.send().then(
function(response) {
alert("------- success " +JSON.stringify(response));
},
function() {
alert("----------- >>> errror ------");
}
)
}

Please use mata tag in your HTML file it will resolve your issues for android.
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'" />

I am trying to insert data into existing table in database from mobilefirst. the adapter is working fine and i can insert data into database from the adapter. But when it is invoked in client side it shows failure message.
function insert(){
var invocationData = {
adapter:"sqlad",
procedure:"procedure1",
parameters:[$('#empid').val(),$('#empname').val()]
};
WL.Client.invokeProcedure(invocationData,{
onSuccess :loadFeedsSuccess,
onFailure :loadFeedsFailure,
});
}
function loadFeedsSuccess() {
alert("success");
}
function loadFeedsFailure() {
alert("failure");
}
html
<body style="display: none;">
<!--application UI goes here-->
<h1>ENTER THE EMP DETAILS</h1>
EMP ID<input type="text" id=empid> <br> <br>
Emp NAME<input type="text" id=empname><br> <br>
<input type="submit" value=register onclick="insert();">
<script src="js/initOptions.js"></script>
<script src="js/main.js"></script>
<script src="js/messages.js"></script>
</body>
adap imp.js
var procedure1Statement = WL.Server.createSQLStatement("INSERT INTO testdemo(empid,empname) Values(?,?)");
function procedure1(empid,empname) {
return WL.Server.invokeSQLStatement({
preparedStatement : procedure1Statement,
parameters : [empid,empname]
});
}

The actual failure here is this:
[ERROR ] FWLSE0335E: Authorization failed: ClientId 8v2iz67uij was not
found on the server. [project simpledb] [ERROR ] FWLSE0048E: Unhandled
exception caught: null
com.worklight.authorization.endpoint.OauthAuthorizationException
The solution is detailed in this question: Authorization failure calling MobileFirst Adapter
To fully resolve the issue so that it will not appear again, you must update your Studio installation to the latest iFix. As an IBM customer you can download the latest iFix from the IBM Fix Central website using your customer credentials.
As a temporary fix you can attempt to clear the browser cookies, as suggested in the linked question.

I am trying to insert data into existing table in database from mobilefirst. the adapter is working fine and i can insert data into database from the adapter. But when it is invoked in client side it shows failure message.
function insert(){
var invocationData = {
adapter:"sqlad",
procedure:"procedure1",
parameters:[$('#empid').val(),$('#empname').val()]
};
WL.Client.invokeProcedure(invocationData,{
onSuccess :loadFeedsSuccess,
onFailure :loadFeedsFailure,
});
}
function loadFeedsSuccess() {
alert("success");
}
function loadFeedsFailure() {
alert("failure");
}
html
<body style="display: none;">
<!--application UI goes here-->
<h1>ENTER THE EMP DETAILS</h1>
EMP ID<input type="text" id=empid> <br> <br>
Emp NAME<input type="text" id=empname><br> <br>
<input type="submit" value=register onclick="insert();">
<script src="js/initOptions.js"></script>
<script src="js/main.js"></script>
<script src="js/messages.js"></script>
</body>
adap imp.js
var procedure1Statement = WL.Server.createSQLStatement("INSERT INTO testdemo(empid,empname) Values(?,?)");
function procedure1(empid,empname) {
return WL.Server.invokeSQLStatement({
preparedStatement : procedure1Statement,
parameters : [empid,empname]
});
}

The actual failure here is this:
[ERROR ] FWLSE0335E: Authorization failed: ClientId 8v2iz67uij was not
found on the server. [project simpledb] [ERROR ] FWLSE0048E: Unhandled
exception caught: null
com.worklight.authorization.endpoint.OauthAuthorizationException
The solution is detailed in this question: Authorization failure calling MobileFirst Adapter
To fully resolve the issue so that it will not appear again, you must update your Studio installation to the latest iFix. As an IBM customer you can download the latest iFix from the IBM Fix Central website using your customer credentials.
As a temporary fix you can attempt to clear the browser cookies, as suggested in the linked question.

I am trying to make an LDAP authentication system using IBM Worklight Studio 6.2.0.01
The login system works fine, no problem with that part, but the logout function doesn't actually log out the user!
Realm:
<realm loginModule="LDAPLoginModule" name="LDAPRealm">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
LoginModule:
<loginModule name="LDAPLoginModule">
<className>com.worklight.core.auth.ext.LdapLoginModule</className>
<parameter name="ldapProviderUrl" value="<Correct LDAP URL ( For security left blank on stackoverflow )>"/>
<parameter name="ldapTimeoutMs" value="2000"/>
<parameter name="ldapSecurityAuthentication" value="simple"/>
<parameter name="validationType" value="exists"/>
<parameter name="ldapSecurityPrincipalPattern" value="{username}"/>
</loginModule>
SecurityTest:
<customSecurityTest name="LDAPSecurityTest">
<test realm="wl_directUpdateRealm" step="1"/>
<test isInternalUserID="true" realm="LDAPRealm"/>
</customSecurityTest>
AdapterXML (important part)
<procedure name="getUsername" securityTest="LDAPSecurityTest" />
<procedure name="onLogout" />
AdapterJS
function getUsername(){
return {username: ""};
}
function onLogout(){
WL.Server.setActiveUser("LDAPRealm", null);
}
The getUsername function gets called everytime the app wants to check if a user is currently logged in, it has NO function other than that.
The logout function (App-side)
$scope.setUsername = function(){
var invocationData = { adapter: "DummyAdapter", procedure: "getUsername"}
WL.Client.invokeProcedure(invocationData, {
onSuccess: function(result){},
onFailure: function(result){);
}
$scope.logout = function(){
WL.Client.logout("LDAPRealm", {onSuccess: $scope.setUsername});
}
Result: This makes the app go to the login page by noticing the user has logged out, only problem is.. it hasn't completely logged out the user. What can I do to make the user completely logged out?
PS: Why don't I use WL.Client.reloadApp after WL.Client.logout()? Two reasons:
White screen and reloading the whole app is just dirty, it's not user friendly at all.
WL.Client.reloadApp gives a fatal signal 11 ( code 1 ) on Android Lollipop ( Android 5.0 ). At least, this is with my worklight version (6.2.0.01).
Please, is there a way I can avoid WL.Client.reloadApp and still log out the user from the server? If not: What may cause the fatal signal 11 ( code 1 ) error in Android Lollipop? I've tested it thoroughly on iOS 8.0, Android 2.3.5, Android 4.4.2 and Android 5.0. Only one that fails is the 5.0
Thank you and sorry for the long post

I have fixed the problem by removing the WL.Client.reloadApp function from logout onsuccess, I did this as such:
$scope.logout = function(){
WL.Client.logout("LDAPRealm", {onSuccess: function(){
$scope.setUsername() // <-- this function is the secret function
// that triggers the securitytest
// which then gives back the login page because
// you had just logged out :)
}});
}
As for the adapter not logging out the user: This comment was false, this bug was originating from another problem. So my code which was posted on StackOverflow was fine. But still:
Android 5.0 and WL.Client.reloadApp don't go to well (5th November 2014 in case an update fixes this)