0
votes

I migrated a 5.0.0.3 Worklight application, deployed on a 5.0.0.3 Worklight server, to Worklight Studio 5.0.6, and the deployment is done on IPAS.

Deployment is successful on IPAS, and I am now trying to run my Android application from my tablet.

I have some issues with the authentication:

In the application descriptor (application-descriptor.xml), I protected the Android application with a securityTest.

I defined realms, securityTest and loginModules in authenticationConfig.xml. I use a FormBasedAuthenticator and a NonValidatingLoginModule.

Everything works well for my challengeHandler except when I call challengeHandler.submitSuccess(). At that point, I get the following error on the server console:

com.worklight.core.auth.ext.AuthenticityLoginModule login FWLSE0127E: Authenticity check failed.


The securityTest I use is CustomerCentricClientApp-strong-mobile-securityTest. Here is my authenticationConfig.xml file:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<securityTests>
    <webSecurityTest name="CustomerCentricClientApp-web-securityTest">
        <testUser realm="PushClientAppRealm"/>
    </webSecurityTest>

    <mobileSecurityTest name="CustomerCentricClientApp-strong-mobile-securityTest">
        <testAppAuthenticity/> 
        <testUser realm="PushClientAppRealm"/>
        <testDeviceId provisioningType="none"/>
    </mobileSecurityTest>
</securityTests>

<realms>        
    <realm loginModule="PushAppClientLoginModule" name="PushClientAppRealm">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
    </realm>

    <realm loginModule="requireLogin" name="WorklightConsole">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
        <onLoginUrl>/console</onLoginUrl>
    </realm>
</realms>

<loginModules>
    <loginModule name="PushAppClientLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <loginModule name="requireLogin">
        <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
    </loginModule>
</loginModules>


Here is an extract of my application-descriptor:

<android securityTest="CustomerCentricClientApp-strong-mobile-securityTest" version="1.0">
    <worklightSettings include="true"/>
    <pushSender key="xxx" senderId="xx"/>
    <security>
        <encryptWebResources enabled="false"/>
        <testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
        <publicSigningKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsW8rocRoAK0PElY5DpyN0wkg2CAVA7Ub8KSFDjBwofoWiA7AAD1hlcJJPCRznfFQ8nQEQ7jJAhpuOvmKxvVcRfj7shJ3JZP0yAvh0Lte8DSQ0MASXwfyehmJe9l/KiY5KWM6sDk+4oxcDJ2j2U+mBivR9+msdTaqIOFPP+PBteQIDAQAB</publicSigningKey>
    </security>
</android>
1
Add your entire customSecurityTest from authenticationConfig.xml to your question for review. - Idan Adar

1 Answer

0
votes

Make sure <testAppAuthenticity/> is part of your custom securityTest.

In addition to adding the authenticity test above, you also need to:

  1. Specify a public signing key in application-descriptor.xml (add it using the "Extract public signing key" option in the Android environment's context menu)
  2. Sign and export your .apk (I assume we're talking Android here) using the same keystore used for generating the public signing key above

Note that this is only relevant in the Consumer or Enterprise editions of Worklight, where the Authenticity feature exists. If this is not your case, I suggest removing this securityTest.
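
The two configuration preconditions from the answer above (the securityTest contains `<testAppAuthenticity/>`, and the Android environment carries a `<publicSigningKey>`) can be checked across both files before deploying. The Python check below is an added example, not part of the original answer or of Worklight. The function names, the `<config>` wrapper root and the sample key are assumptions for illustration, and it does not cover step 2, because whether the .apk was signed with the matching keystore cannot be seen from these two files.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop any "{namespace}" prefix so lookups work with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def _find(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]

def check_authenticity_config(auth_xml, descriptor_xml, environment="android"):
    """Return a list of problems; an empty list means both preconditions hold."""
    auth, desc = ET.fromstring(auth_xml), ET.fromstring(descriptor_xml)
    envs = _find(desc, environment)
    if not envs:
        return [f"descriptor has no <{environment}> environment"]
    test_name = envs[0].get("securityTest")
    tests = [e for e in auth.iter()
             if _local(e.tag).endswith("SecurityTest") and e.get("name") == test_name]
    if not tests:
        return [f"securityTest {test_name!r} is not defined in the auth config"]
    problems = []
    if not _find(tests[0], "testAppAuthenticity"):
        problems.append(f"{test_name!r} has no <testAppAuthenticity/>")
    keys = _find(envs[0], "publicSigningKey")
    # Remove line breaks and spaces that often creep in when the key is pasted.
    key = "".join((keys[0].text or "").split()) if keys else ""
    if not key:
        problems.append("descriptor has no <publicSigningKey>")
    else:
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error:
            problems.append("publicSigningKey is not valid base64")
    return problems

# Constructed sample input, modelled on the question's files. The <config> root
# and the key value are placeholders, not real Worklight output.
SAMPLE_KEY = base64.b64encode(b"constructed sample, not a real key").decode()
AUTH_XML = """<config><securityTests>
  <mobileSecurityTest name="CustomerCentricClientApp-strong-mobile-securityTest">
    <testAppAuthenticity/>
    <testUser realm="PushClientAppRealm"/>
  </mobileSecurityTest>
</securityTests></config>"""
DESCRIPTOR_XML = f"""<android version="1.0"
    securityTest="CustomerCentricClientApp-strong-mobile-securityTest">
  <security><publicSigningKey>{SAMPLE_KEY}</publicSigningKey></security>
</android>"""
```

Calling `check_authenticity_config(AUTH_XML, DESCRIPTOR_XML)` returns an empty list for the sample input; each missing precondition adds one message to the list.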