IBM Worklight JSON Store with Sync - ibm-mobilefirst

I am getting the error when I tried to run Worklight Application JSON Store with Sync
2013-05-15 10:27:43.466 OffApp[935:c07] [LOG] 16 Error Message: COULD_NOT_GET_SECURE_KEY
The JSON Store is failing to load initial Data From Adapter

That error message is saying your application that is using JSONStore is unable to reach the Worklight Server. It's trying to access /random to get a secure random token.
response [/apps/services/random] success: e9097576c8663f4d9946c9389570ff34bf81975c
That token is used to generate the keys necessary to provide data encryption.
The function called to generate the secure random is:
WL.EncryptedCache.secureRandom(callback);
Edit (Feb. 6, 2014): You can do the following to init without the Worklight Server:
WL.JSONStore.init(..., {localKeyGen: true});
More details in the documentation for init.

Related

Error in IBM Cloud API PCloudInstances request

I am trying to make this request from IBM Cloud API: Documentation
I have successfully made other requests like pvmInstances and Volumes, so we should have the permission, but this one returns this error: {'description': 'Your access token is invalid or does not have the necessary '
'permissions to perform this task.',
'error': 'Access Denied'}.
Is there anyone who can help me please?
Verify that you can perform the actions in the IBM Cloud Console UI. If that works OK, then log in using the CLI and get the tokens as described in the docs to use curl.

Failure response with status "201" and error message "Created" When invoking WLAuthorizationManager.obtainAccessToken

Environment:
Windows Server 2012 R2
JRE 1.8.0_101
IBM WAS Liberty Core 8.5.5.5
IBM MFP 8.1
Apache Web server
We have set up the UAT with the above environment. We have deployed our application on the server, have deployed adapter for user authentication and a resource adapter to fetch the data.
When we invoke an adapter procedure without security (unprotected), the app fetches the data. But when we try to invoke an adapter procedure with the default scope or with a custom scope, instead of triggering the challenge handler, we get a failure response with error status ‘201’ and error message ‘Created’.
Another observation is that, when the WLAuthorizationManager.ObtainAccessToken is invoked with default scope or with push.mobileclient, it is giving the same failure response with error status ‘201’ and error message ‘Created’. The same application works fine in the development environment.
When I try to obtain a token from Postman using https://domain:port/mfp/api/az/v1/token and pass the scope, grant_type and the necessary authorization header, it provides a valid response with a token. But when we try to obtain the token from the app, it gives a failure response.
Failure response
{"status":201,"statusText":"Created","responseText":"","responseHeaders":{"connection":"Keep-Alive","content-language":"en-US","content-length":"0","date":"Fri, 17 May 2019 05:42:45 GMT","keep-alive":"timeout=5, max=100","location":"/mfp/api/registration/clients/1e746550-e804-4ee7-88ba-b99896qqqqpwo","server":"Apache/2.4.39 (Win64) OpenSSL/1.1.1b","via":"1.1 ","x-powered-by":"Servlet/3.0"},"errorMsg":"Created","errorCode":"201"}
201 is not a response code that is expected from the /token endpoint. This is very likely coming from an intermediate element in your topology. You've mentioned the Apache Web Server as part of the configuration - is this sending the 201?
Moreover, the actual response from the server shows "server":"Apache/2.4.39 (Win64) OpenSSL/1.1.1b"
So, here is what you can do
a. Try bypassing the web server and see if it resolves the issue - in all likelihood, it should.
b. Validate the configuration settings of the Apache Web server to see why the 201 is being returned.
Late to the party, but for anyone that is still running into this error:
Install the following interim fix: 8.0.0.0-MFPF-IF202006151151
This solved the error for me. Seems to be a bug in MobileFirst, took me ages to find.

Box API token request enterprise configuration issue

I am making a call to https://api.box.com/oauth2/token to get a token for a user.
I get a 400 with the following error:
Cannot obtain token based on the enterprise configuration for your app
I don't see this error message defined anywhere. Any ideas what I'm doing wrong?
The issue here was that I was requesting a token for a non app user and my application was configured to allow access to app users only.

IBM MobileFirst Platform - How to Call resource WS (JAX-RS) in navigator?

I'm trying to make a simple example of a connection to a WS (JAX-RS), when I call from the browser, I should return a string but I get the following error message:
missing_authorization, this is the URL to access the resource (REST):
http://localhost:10080/PruebaWSProject/adapters/MyAdapter/users/pramirez
When I test it directly from MobileFirst Studio using "Call MobileFirst Adapter", it works perfectly.
It seems to be a problem with HTTP authentication, apparently I have to set something in the XML file server: authenticationConfig.xml, but I do not know what I have to put and I read the following in a web:
Disabling the authentication requirement for a specific procedure.
You can do so by adding the securityTest="wl_unprotected" property to the element in the adapter XML file.
I do not know how to turn off the security to call the resource to obtain the chain. The name of the classes generated by the Java adapter are: MyAdapterResource and MyAdapterApplication.
Java Adapters are protected by default.
When you use "Call MobileFirst Adapter", a test token is automatically added to help you preview.
If you want to test your adapter outside of the wizard, you have 2 main options:
1) Disable security by adding @OAuthSecurity(enabled=false) before your procedure code (in MyAdapterResource). Keep in mind that your procedure will no longer be protected. See Protecting Adapters.
2) Generate a test token manually. You can request a test token which you will add to your HTTP headers. See In Postman
The instructions you saw regarding securityTest="wl_unprotected" are for JavaScript adapters, not Java.

IBM Worklight v5.0.5 - Encrypted Offline Cache not working in Android or iOS

While debugging, we observe following behavior:
1) When trying to get encryption key from server then error on both (iOS or Android) platform
response [https://xxxx.xxxx.com:443/worklight/apps/services/random]
success: Exception thrown by application class
'com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.checkSecurity():685'
SESN0008E: A user authenticated as anonymous has
attempted to access a session owned by user:NewRealm/CN=test
user,OU=Temporary Users,OU=Acc,DC=xxxx,DC=com.
2) When trying to read a stored value error on android is [Logcat]
Android Message: Uncaught 9 at
file:///data/data/com.xxxx.xxxxapp/files/www/default/wlclient/js/encryptedcache.js:63
Where try to call WL.EncryptedCache.read
Worklight version used is 5.0.5 Consumer Edition (with Oracle 11i) on
Windows 2008 R2
WebSphere Liberty profile
Worklight server is sitting behind IBM Datapower XI52. All SSL calls to the server are going via DP.
Authenticator - WebSphereFormBasedAuthenticator & LoginModule - WASLTPAModule
The following is not really an answer, since I'm not familiar with authentication (LTPA, FormBasedAuth, Data Power, etc.)... just a couple of comments that could help you debug/isolate the issue.
Looks like a problem with authentication:
A user authenticated as anonymous has attempted to access a session
owned by user:NewRealm/CN=test user,OU=Temporary
Users,OU=Acc,DC=xxxx,DC=com.
Not with the Encrypted Offline Cache (EOC).
EOC will try to get a random token calling the following function:
WL.EncryptedCache.secureRandom(function (data) {
    console.log(data);
});
It should output something like this:
response [/apps/services/random] success: 9053bdcfd902aac3dfb59a9874c9cf55223b7d17
9053bdcfd902aac3dfb59a9874c9cf55223b7d17
You can view the function's source code by typing the following in a JS console:
WL.EncryptedCache.secureRandom
If you're using Google Chrome developer tools there's a checkbox for Log XMLHttpRequests when you click on the gear icon > General > Console.
You can also try to request the URL directly. Assuming the host is localhost, port is 10080 and project name is wlproj:
http://localhost:10080/wlproj/apps/services/random
9053bdcfd902aac3dfb59a9874c9cf55223b7d17
You can view HTTP traffic with Wireshark or Charles Proxy.
I imagine this will fix the EOC issue for you, if you don't mind generating the random token locally (less security, AFAIK):
WL.EncryptedCache.secureRandom = function(callback){callback(Math.random()+"")}
For example:
Notice it never goes to the server, everything is done locally.
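The local override above, rewritten to draw from a CSPRNG instead of Math.random(), as an added example that is not part of the original answer or of the Worklight code base. Assumptions: the runtime exposes Web Crypto (crypto.getRandomValues), and the names localSecureRandom, isWellFormedToken and auditGenerator are hypothetical helpers; the 40-hex-character shape is taken from the /random responses quoted on this page.

```javascript
// Added example (not Worklight's own code). Assumption: Web Crypto is available.
const webCrypto =
  (typeof globalThis.crypto !== 'undefined' && globalThis.crypto.getRandomValues)
    ? globalThis.crypto
    : (typeof require === 'function' ? require('crypto').webcrypto : null);

// 20 bytes = 160 bits = 40 hex chars, the shape of the /random responses above.
const TOKEN_BYTES = 20;

// Same callback contract as the override on the page: callback(tokenString).
function localSecureRandom(callback) {
  if (!webCrypto) {
    // Fail closed: never fall back silently to Math.random() for key material.
    throw new Error('No CSPRNG available; refusing to generate a token');
  }
  const bytes = new Uint8Array(TOKEN_BYTES);
  webCrypto.getRandomValues(bytes);
  let hex = '';
  for (const b of bytes) hex += b.toString(16).padStart(2, '0');
  callback(hex);
}

// True only for a 160-bit lowercase hex token; a Math.random()+"" string
// such as "0.7312..." fails this check.
function isWellFormedToken(token) {
  return typeof token === 'string' && /^[0-9a-f]{40}$/.test(token);
}

// Startup/test audit: call a secureRandom-style generator n times and report
// how many tokens are well formed and how many are distinct.
function auditGenerator(generator, n) {
  const seen = new Set();
  let wellFormed = 0;
  for (let i = 0; i < n; i++) {
    generator(function (token) {
      if (isWellFormedToken(token)) wellFormed++;
      seen.add(token);
    });
  }
  return { wellFormed: wellFormed, distinct: seen.size };
}

// Install only inside a Worklight app, where the WL global exists.
if (typeof WL !== 'undefined' && WL.EncryptedCache) {
  WL.EncryptedCache.secureRandom = localSecureRandom;
}
```

Running auditGenerator against whatever function is currently assigned to secureRandom shows whether a weak override is in place before any data is encrypted with keys derived from it.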
A user authenticated as anonymous has attempted to access a session owned by user:NewRealm/CN=test user,OU=Temporary Users,OU=Acc,DC=xxxx,DC=com.
This usually means that there is a conflict: the session sent by the user (the session cookie) belongs to a user (in this case), but the LTPA token sent as a cookie was not sent or was not valid. There could be a few causes of this. The best way is to do a trace between DataPower and the Worklight server to make sure an LTPA token is even being sent to the Worklight server. If it is, verify all of the LTPA requirements are met (synchronized time, same private key on both machines).