IBM Worklight 5.0.5 - How to configure LDAP for Application Center using WAS ND 8.0.1?

0
votes

We've been trying without much success to enable LDAP user authentication for the Worklight Application Center. We've carefully followed the instructions here: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.help.doc%2Fwl_home.html

First, we created the LDAP repository in the WAS console and added it to the federated repositories config: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fappcenter%2Fc_ac_was8_ldap.html

Then we configured the LDAP authentication for users and groups following: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.help.doc%2Fwl_home.html

Finally we enabled ACL management with LDAP as suggested by: http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.help.doc%2Fwl_home.html

After the server restart these are the results:

  • Worklight Console: Works OK.
  • Application Center: Shows a ?????? in the user space with the following error in every screen related to users: FWLAC0401W: No user appears to be logged, check the Application Center security configuration.
  • Worklight WAS Console: We are locked out. The LDAP users do not work, the initial worklight/worklight user does not work. The only way to get in is changing the security.xml for the instance to get back in and rollback the security changes.

What are we doing wrong?
Is there a more "tutorial like" documentation to accomplish these tasks, we might be making some mistakes following the infocenter.

1
ldapwebsphereibm-mobilefirstworklight-appcenter

1 Answers

0
votes

About the application center effect: Technically, the message means that the Web Security Context does not contain a principal (i.e. a user name). In general, Application Center must be configured so that the login screen appears (is this the case for you?).

I know two possible reasons:

  1. Application Security is disabled in WAS. Open the WAS console and select Security > Global Security. Ensure that "Enable Application Security" is checked. Ensure also that "Enable Administrative Security" is checked.
  2. The appcenteradmin role is mapped to special subject "Everyone". Both the appcenteradmin role and the appcenteruser role cannot be mapped to this special subject, because it simply disables the authentication and hence the security context does not know anymore which user is logged in. Look in Applications > Application Types > WebSphere Enterprise Applications > AppCenter > Security Role to user/group mapping. Here you can see how the roles are mapped and you can change it.

Since you also have a problem with the Worklight WAS console, I would guess that your situation is 1., since 2. is local to the Application center and does not affect the WAS console.