I'm experiencing an issue while deploying worklight adapter in a remote machine.
Adapter is using a certificate alias.
Here is the message of error:
Invalid content was found starting with element 'sslCertificateAlias'.
One of '{authentication, proxy}' is expected.
Could you attach here your adapter xml without sensitive data?
Anyway check if your remote server keystore contains private key with alias you are configured in sslCertificateAlias and the password in sslCertificatePassword is right.
A second check is configuration of the keystore in worklight.properties:
ssl.keystore.path=conf/default.keystore
ssl.keystore.type=jks
ssl.keystore.password=mypassword
Related
OS - Windows 10
.net Environment - .net core 2.1
SDK - Microsoft.Azure.Devices.Client - 1.21.0
Microsoft.Azure.Devices.Provisioning.Client - 1.4.0
Microsoft.Azure.Devices.Provisioning.Transport.Amqp - 1.1.9
Microsoft.Azure.Devices.Provisioning.Transport.Http - 1.1.6
Microsoft.Azure.Devices.Provisioning.Transport.Mqtt - 1.1.8
Description of the issue
I'm trying to connect a simulated device (.net core console app) to IOT hub via azure Device Provisioning Service. This is based on x.509 cetificates (root+ intermediate certificate).
I created the enrolment group ok, then uploaded the root certificate and completed verification.
After that generated the device certificate from root certificate and tried to connect to IOT hub using sample code from below link:
https://github.com/Azure-Samples/azure-iot-samples-csharp/tree/master/provisioning/Samples/device/X509Sample
After having all setup when I tried to connect to IOT bub I'm getting below error, tried all protocol - Amqp,Http,Mqtt...
Microsoft.Azure.Devices.Provisioning.Client.ProvisioningTransportException
HResult=0x80131500
Message={"errorCode":401002,"trackingId":"408d5ad7-aa7c-45a1-b19a-e4af41ccf54b","message":"CA certificate not found.","timestampUtc":"2019-08-23T09:17:53.762099Z"}
Source=<Cannot evaluate the exception source>
StackTrace:
<Cannot evaluate the exception stack trace>
Below is the input to device client along with certificate:
private static string s_idScope = "0ne00074417";
private const string GlobalDeviceEndpoint = "global.azure-devices-provisioning.net";
private static string s_certificateFileName = "simulateddevicecert.pfx";
Is there anything missing in the setup that is causing this error? Also is there any REST API exposed by azure DPS to register device? (instead of using Azure Devices/Client SDK)
As shown here,
please include the intermediate certificate as well in the certificate chain presented by the device.
The REST API docs for registering a device to DPS can be found here.
In my case error 401002 was caused by mismatched deviceId and CN field in certificate which device used to authenticate.
In my case, I used the wrong connection string.
I used the device connection string instead of the service connection string when trying to call a direct invoke method.
I'm posting this here, because this is among the first search results for the 401002 error, and there's no info on this check on the Azure doc websites.
I am trying to encrypt the push sender password in application-descriptor following Storing properties in encrypted format section of the tutorial.
However, when building the wlapp for iOS, I see following error message in Worklight Studio.
FWLST1040E: iphone build failed: com.worklight.common.util.WorklightCertificateException: Certificate error: Unable to process certificate: apns-certificate-production.p12
It appears that Worklight Studio trying to decrypt the p12 certificate using '${xxxx}' as the password during build process. If I put the password as clear text, build passes. Replacing push sender values for GCM with ${xxx} passes also since there is no iOS-like certificate to decrypt. Only iOS build has problem here.
As far as I understand, the encrypted/configurable fields should be decrypted/replaced at server side during run time, not during the build. Right now, I am not able to build a new wlapp for ios because of this issue.
I am not sure what have I done wrong here. Is there a setting to skip the p12 decryption during build process?
Worklight 6.2:
Created a test=1234 in worklight.properties
Using <pushSender password="${test}" /> in application-descriptor.xml
This passes w/out any errors.
MobileFirst 6,3 7.0:
The same steps as above fail with:
[2015-05-20 10:30:01] FWLST1040E: iphone build failed:
com.worklight.common.util.WorklightCertificateException: Certificate
error: Unable to process certificate: apns-certificate-sandbox.p12
I have opened a bug for it.
Are you sure about the version you're using?
Worklight 6.0.0, targeting iPad.
I have a simple demonstration application, no authentication at present. I am demonstrating use of reverse proxy. So I am building my application using the Build for Remote Server workaround and can see in xcode the correct server specification. I have some adapter calls, but for a particular demo scenario I also want to make an explicit call to
WL.Client.connect( ... );
If I use an http connection I see a request like this:
http://192.168.0.19/MyApp/apps/services/api/Work01/ipad/init
and it works just fine. If instead I use an SSL connection, as expected I see this
https://192.168.0.19:443/Infrabel01/apps/services/api/Work01/ipad/init
And I get the following error.
> [ERROR ] FWLSE0059E: Login into realm 'NullLoginModule' failed. The
> environment 'ipad' supports multiple versions, therefore you must
> request it with a version parameter.. [project Infrabel01] The
> environment 'ipad' supports multiple versions, therefore you must
> request it with a version parameter. [ERROR ]
> FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR,
> error message: An Error occurred while performing authentication using loginModule
> NullLoginModule, User Identity Not available. [project Infrabel01]
> [project Infrabel01]
That "request it with a version parameter" is intriguing. Is there some extra parameter I need to pass? Or is the overall implication that connecting over SSL requires authentication?
I had the same problem.
I have solved it by using the real IP address of the server in the WL app instead of using localhost:
When the emulator is running your app, press the Menu button.
Select to change your server URL
Remove "localhost" and use the IP address.
Accept and try again.
This fixed my problem.
Please make sure your Worklight server or proxy server is enabled SSL with certificate which signed by a trust public CA like Verisign. Worklight not support private CA certificate.
I have created a sample project with an SQL adapter and a hybrid worklight application. The application is a simple login form that accept userid and password and validate them against the value stored in database using the SQL adapter.
Now when I tested this application on the default worklight server installed in eclispe plugin for worklight it is working fine.
But when I install the SQL adapter and worklight application on an enterprise worklight server and testing it, I am getting the following error:
NetworkError: 404 Not Found -
http://[localhost:9080]/apps/services/api/SampleHybrid/common/query
The above error I fetched through Firebug.
SampleHybrid is the name of the worklight hybrid application.
SampleHybridAdapter is the name of the SQL adapter.
The server’s response is:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>CWWKT0018E: The application or context root for this request has not been found: /apps/services/api/SampleHybrid/common/query</p><hr /><address>WebSphere Application Server at 127.0.0.1 port 9080</address></body></html>
You mentioned you have moved to running Worklight on an application server - this requires using a context root. I do not see a context root in the 404 error you have provided.
The request to the server was supposed to look like this: http://[localhost:9080]/yourContext/apps/services/api/SampleHybrid/common/query
Because the context root (in this case, "yourContext") is missing, you get a 404 error, since the application is trying to reach a location that does not exist.
The context root value is set in both application-descriptor.xml and worklight.properties.
yourProject\apps\yourApp\application-descriptor.xml
Change the value of the worklightServerRootURL property to include your context root. It should look like this http://your-host-name-here:port/yourContext
yourProject\apps\server\conf\worklight.properties
Set your context root as the value for the publicWorkLightContext property (also make sure to uncomment it)
After doing the above, you need to re-deploy the .war file to your application server. The .war file can be found in the bin folder of your Worklight project.
I have successfully gotten the module 41 sample running with eclipse and the local server. Attempting to deploy on my liberty server returns the error.
Failed to deploy application 'PushApplication-all.wlapp'. : application descriptor uses a security test:PushApplication-strong-mobile-securityTest. However, authentication config xml does not contain a security test element with that name.
I am on Worklight 5.0.5 with a successful app running on the server and now trying to add push notifications. I have checked the war file and it does contain the authentication-config.xml with the specified test.
I saw a smilier post a few momths ago but am unable to find whether it got answered
thanks in advance.
From the sound of it, you are trying to deploy your .wlapp to a server that is already running an instance of Worklight, but this instance does not have the required securityTest settings in authenticationConfig.xml
This leads me to believe that you did not replace the .war file you already had deployed in the Liberty-profile application server with the .war file from your Push Notifications project, which contains the up-to-date authenticationConfig.xml