I am using WL 5.0.5 Server and Studio.
Now I am verifying app authentication, but I can't do it.
I made an Android app using WL Studio 5.0.5. I tried to fake the app using apktool and the motizen tool (it's a fake-signing tool).
1. Decompiling the app.
2. Modifying AndroidManifest.xml (added some permissions).
3. Rebuilding.
4. Fake-signing with the motizen tool.
I was expecting the faked app to be prevented from executing because of auto provisioning, which is a feature of WL 5.5.
But it was working well. I don't know why.
Please let me know how to detect app forgery on WL 5.0.
If you want your publicSigningKey to be checked, you have to specify wl_authenticityRealm in your security tests. For example:
<customSecurityTest name="authenticity">
  <test realm="wl_antiXSRFRealm" step="1"/>
  <test realm="wl_authenticityRealm" step="1"/>
  <test realm="wl_remoteDisableRealm" step="1"/>
  <test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
  <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
Note: your application will run on a device as expected until it attempts to connect to the server. Then the connection should fail, and you'll be notified about that in WLResponseListener.onFailure.
It's important to understand that authenticity will only work in commercial versions of Worklight. The version downloaded from the IBM developerWorks site does not have this feature active.
Is there any way to disable app authenticity on a remote MobileFirst Server? In Worklight 6.2 we can manually disable app authenticity on the console, but we cannot find the same settings in MobileFirst 7.1.
As a workaround: we are using a custom security test in authenticationConfig.xml and haven't used the app authenticity test realm in it. The surprise in the workaround is that it still shows basic app authenticity enabled on the MobileFirst console. Any pointers for the workaround dilemma as well?
Appreciate any inputs!
Code:
<customSecurityTest name="LoginAdapter-securityTest">
  <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="1"/>
  <test realm="SingleSignonRealm" isInternalUserID="true" step="2"/>
</customSecurityTest>
I have the same issue when I deploy a wlapp of a previous version of Worklight (6.1) on MobileFirst Server 7.1.
A workaround is to remove the <security /> entry in application-descriptor.xml.
Example for an iPhone app.
Initially the application-descriptor.xml was the following:
<iphone bundleId="com.WorklightStarterjQueryMobile" version="1.0">
  <worklightSettings include="true"/>
  <security />
</iphone>
And App Authenticity Configuration was "Basics".
Now I use this one (removed security entry):
<iphone bundleId="com.WorklightStarterjQueryMobile" version="1.0">
  <worklightSettings include="true"/>
</iphone>
And App Authenticity Configuration is now "none".
Starting with MobileFirst Platform Foundation 7.0, there are now basic authenticity and extended authenticity modes. There are no more disabled/serving/serving-blocking options via a dropdown in the MobileFirst Console.
The way to disable Application Authenticity Protection is to remove its realm from the security test in the authenticationConfig.xml file and then re-deploy the .war file, otherwise the changes will not be in effect.
I have developed a hybrid application in IBM Worklight using the jQuery Mobile framework. The application accesses a database hosted on my own domain using a SQL adapter. It works fine on the IBM Worklight console as well as on AVD. But when I tried to run the application from a real Android phone, it won't work. I tried to access the database but it does not work on a real Android device. I saw some solutions saying that I should connect to the Worklight server from my device; how is that possible? What steps are to be followed further? Help me, I am new to this course.
When testing on a device you need to make sure of the following:
The device is connected to the same WiFi network as the computer that hosts the Worklight Server
The SQL adapter connectionPolicy points to the IP address of the computer that hosts the Worklight Server.
Change "localhost" to an IP address:
<connectionPolicy xsi:type="sql:SQLConnectionPolicy">
  <dataSourceDefinition>
    <driverClass>com.mysql.jdbc.Driver</driverClass>
    <url>jdbc:mysql://localhost:3306/mydb</url>
    <user>myUsername</user>
    <password>myPassword</password>
  </dataSourceDefinition>
</connectionPolicy>
Worklight 6.2 on Liberty
Can I configure the AppCenter to use custom provisioning outlined in the GettingStarted material?
The server/conf folder is present in the AppCenter project, so it seems I could configure custom provisioning and build the war. The questions seem to be: will the AppCenter client access the new AppCenter war like a normal Worklight client with respect to the security mechanism, and will the new AppCenter war respond like a normal Worklight server to those requests?
No, IBM Worklight Application Center does not support the Worklight custom provisioning. The IBM Worklight Application Center server is not a Worklight server (in the sense that it does not derive from the Worklight server classes).
The custom provisioning mechanism is often used to restrict the mobile devices that can connect to the Worklight server. However, for AppCenter, any device that runs the AppCenter client can connect to the server with a correct user and password. If restrictions are needed, they should be implemented in the mobile app, not in the facility that installs the mobile app.
I would like to debug the server part of my Worklight application (java). AFAIK Worklight 5.0.6 uses an embedded Jetty HTTP server. I wonder how it's possible to enable remote debugging for this process so I can set breakpoints, watch scope variables and so on?
Thank you in advance,
spyro
In Worklight 5.0.6, where the Jetty application server is used, Java debugging is not possible.
A possible solution, in case you are an IBM Worklight customer, is to deploy Worklight on WAS Liberty, where you should be able to do this.
I have a web application that I want to install on IIS7. I use WiX 3.7, but I see it does not support an integrated pool out of the box. Is there a way to do it?
Actually, it does...
<iis:WebAppPool Id="SomeAppPool" ManagedPipelineMode="Integrated" />