0
votes

I have been trying to implement and test the application authenticity features of Worklight and have been unsuccessful in getting it working. I have reviewed every post on this site, as well as the information in the WL information center and have had no success. I am providing a detailed explanation of what I have done, as well as the results I am seeing in the hopes that someone will be able to assist me.

Environment:

  • Worklight Studio 5.0.5 Consumer edition installed on Windows 7 Enterprise
  • Worklight Server 5.0.5 Consumer edition installed on Windows 7 Enterprise

WL Server is running within the Websphere Application Server Liberty profile provided by the Worklight Server installation

WL Server is using the derby database provided by the installation package.

Implementation Steps:

  1. Added (uncommented) the security test in authenticationConfig.xml

    <mobileSecurityTest name="mobileTests"> 
        <testDeviceId provisioningType="none"/>
        <testAppAuthenticity/>
        <testUser realm="wl_anonymousUserRealm"/>
    </mobileSecurityTest>
    
  2. Rebuilt and deployed the .war file to Worklight Server.

  3. Modified initOptions.js so that "connectOnStartup : true"

  4. Modified application-descriptor.xml, specified the security test for the Android application and added the publicSigningKey

    <android version="1.1" securityTest="mobileTests">
        <worklightSettings include="false"/>
        <security>
            <encryptWebResources enabled="false"/>
            <testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
            <publicSigningKey>.......</publicSigningKey>
        </security>
    </android>
    

  5. Rebuilt and deployed the application to WL Server.

  6. Created the signed .apk file and uploaded it to Application Center.

  7. Installed the application on the physical device (Samsung Galaxy Tab 2, Android 4.1.1)

  8. Launched the application.

When I launch the application in either "Preview" mode from WL Console or on the physical device, I end up with the same error being displayed. The error I am receiving is:

{"errorCode":"UNEXPECTED_ERROR","errorMsg":"userIdentityForAPI is null. Check your application''s authentication requirements (never, onStartup, onDemand). These settings must match to the deployed application"}

Is there something that I missed in my configuration?

1
Same problem in WL 6.0.1:

    Nov 4, 2013 2:21:53 PM com.worklight.gadgets.serving.GadgetAPIServlet doGetOrPost
    WARNING: FWLSE0009W: User identity is null. Check your application''s authentication requirements. These settings must match to the deployed application [project wlm]
    Nov 4, 2013 2:21:53 PM com.worklight.gadgets.serving.GadgetAPIServlet createAjaxRequestExceptionJSON
    SEVERE: FWLSE0020E: Ajax request exception: FWLSE0009W: User identity is null. Check your application''s authentication requirements. These settings must match to the deployed application [project wlm] [project wlm]

- christianmenkens
@Jim, if this question is resolved, please mark it as Answered. - Idan Adar

1 Answer

0
votes

Using the latest Worklight Studio Consumer Edition plug-in, v6.0.0.1, I have done the following. I have successfully managed to use App Authenticity in a Worklight-based app with the Android environment.

  1. Created a new Worklight project
  2. Added the Android environment
  3. initOptions.js > connectOnStartup:true
  4. authenticationConfig.xml > uncomment the mobileSecurityTest:

    <mobileSecurityTest name="mobileTests">          
        <testAppAuthenticity/> 
        <testDeviceId provisioningType="none" />  
    </mobileSecurityTest>
    

    A custom security test can also be used:

    <customSecurityTest name="customTests">
        <test realm="wl_antiXSRFRealm" step="1"/>
        <test realm="wl_authenticityRealm" step="1"/>
        <test realm="wl_remoteDisableRealm" step="1"/>
        <test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
        <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
    </customSecurityTest>
    
  5. Used the default Google-provided debug.keystore (in a Production environment, you should use your own keystore)

  6. Used this keystore via right-click on Android folder > Extract public signing key (auto-added to application-descriptor.xml)
  7. Build All and Deploy
  8. Right-click on the generated Android project > Run As > Android Application (in a Production environment, right-click on the generated Android project > Android Tools > Export Signed Application Package > Install the signed .apk > launch)

To verify:

  1. Checked that the app managed to connect to the Worklight Server when App Authenticity rule is set to "Enabled" in Worklight Console
  2. Altered the public signing key in application-descriptor.xml and re-deployed to the server
  3. Checked that the app now fails connecting to the Worklight Server when App Authenticity rule is set to Enabled, blocking in Worklight Console
  4. Checked that the app passes if set to Enabled, serving
  5. Checked that the app passes if set to Disabled

In my testing:

  • I used Worklight Studio Consumer Edition on Windows 7 (with the embedded Liberty application server), and not also with a separate application server that you deploy Worklight Server to. As long as the same steps above were done (with a minor change: you also need to deploy the .wlapp), I don't see any difference...
  • Make sure you get the keystore part right; that is, use the same keystore in the server and application.
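
The steps in this thread spread one setting across two files: the `securityTest` name on the `<android>` element in application-descriptor.xml has to exist in authenticationConfig.xml and include an authenticity test, and `<publicSigningKey>` has to be filled in. The following is an added example (not part of the original posts and not Worklight tooling) that cross-checks those points; the function names, the root elements of the sample XML and the key value are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs; root elements and the key value are placeholders.
AUTH = """<loginConfiguration><securityTests>
  <mobileSecurityTest name="mobileTests">
    <testDeviceId provisioningType="none"/>
    <testAppAuthenticity/>
  </mobileSecurityTest>
</securityTests></loginConfiguration>"""
DESC = """<application><android version="1.1" securityTest="mobileTests">
  <security><publicSigningKey>PLACEHOLDER_KEY</publicSigningKey></security>
</android></application>"""

def find_all(root, name):
    """Match on the local tag name so namespaced files also work."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_authenticity_config(auth_xml, descriptor_xml, env="android"):
    """Return a list of problems; an empty list means the files agree."""
    auth, desc = ET.fromstring(auth_xml), ET.fromstring(descriptor_xml)
    envs = find_all(desc, env)
    if not envs:
        return [f"no <{env}> environment in application descriptor"]
    test_name = envs[0].get("securityTest")
    if not test_name:
        return [f"<{env}> has no securityTest attribute"]
    problems = []
    # The descriptor refers to a security test by its name attribute.
    tests = [t for kind in ("mobileSecurityTest", "customSecurityTest")
             for t in find_all(auth, kind) if t.get("name") == test_name]
    if not tests:
        problems.append(f"security test '{test_name}' is not defined")
    else:
        # Either the mobile shorthand or the custom realm counts.
        has_auth = bool(find_all(tests[0], "testAppAuthenticity")) or any(
            t.get("realm") == "wl_authenticityRealm"
            for t in find_all(tests[0], "test"))
        if not has_auth:
            problems.append(f"'{test_name}' has no app authenticity test")
    keys = find_all(envs[0], "publicSigningKey")
    if not keys or not (keys[0].text or "").strip():
        problems.append("publicSigningKey is missing or empty")
    return problems

if __name__ == "__main__":
    print(check_authenticity_config(AUTH, DESC) or "configuration is consistent")
```

ElementTree's default parser discards XML comments, so a security test that is still commented out in authenticationConfig.xml is reported as not defined.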