1
votes

I'm finding the documentation for authentication extremely confusing.

What I'd like to do is to have the very first page in my mobile application be a login page. Here I would like the user to enter their username and password and then I use that to authenticate to the server. I don't want to authenticate against an adapter but rather against the application.

I thought if I put a test against the common code in the application-descriptor.xml file like this <common securityTest="BasicAuthTest"/> I could protect the app.

In the authenticationConfig.xml I have

    <mobileSecurityTest name="BasicAuthTest">
        <testAppAuthenticity/> 
        <testDeviceId provisioningType="none" />
        <testUser realm="SampleAppRealm" />
    </mobileSecurityTest>

and also in the realms section

    <realm name="SampleAppRealm" loginModule="StrongDummy">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
    </realm>

and finally in the loginModules section

    <loginModule name="StrongDummy">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

However I get the error

    {"WL-Authentication-Failure":{"wl_authenticityRealm":{"reason":"missing shared data required for authenticity test"}}}

I don't know what this missing shared data is. Can anyone enlighten me please?

P.S. I'm running Worklight v6.0.0.1 Enterprise edition and I have pointed my WL Studio to my WL server that I am running on top of a WebSphere Liberty server v8.5.5.

If anyone can point me at a good tutorial for this other than the stuff in the Getting Started that would be great.


1 Answer

1
votes
  1. App Authenticity is not related at all to what you're trying to accomplish (a login form on application startup); App Authenticity takes place during the initialization of the app as it tries to connect to the Worklight Server for the first time in its session, before any authentication on the client-side.
  2. App Authenticity is available only for iOS and Android.
  3. A detailed explanation of the security tests concept. I suggest reading it thoroughly.
  4. The error message is due to incomplete setup of App Authenticity; from the error I will guess that you are trying to use your app on an Android device. Please read the material linked in 1 above about how to properly set up App Authenticity.

As for your authentication approach, you can just use form-based authentication. The Getting Started training modules do a good job of guiding you on how to do so (you must start with the Authentication Concepts training module).

First resolve your App Authenticity issue by following the guide in 1 above.
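
An added example, not part of the question or answer above and not Worklight's own tooling: a small Python check that resolves each `testUser` realm in the posted configuration to its login module class. It flags a realm backed by `NonValidatingLoginModule` (which accepts any username and password) and a security test that includes `testAppAuthenticity`, which per the answer needs per-platform setup. The `<config>` wrapper element and the finding labels are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's three fragments wrapped in a hypothetical
# <config> root so they parse as one document.
SAMPLE_CONFIG = """
<config>
  <mobileSecurityTest name="BasicAuthTest">
    <testAppAuthenticity/>
    <testDeviceId provisioningType="none" />
    <testUser realm="SampleAppRealm" />
  </mobileSecurityTest>
  <realm name="SampleAppRealm" loginModule="StrongDummy">
    <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
  </realm>
  <loginModule name="StrongDummy">
    <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
  </loginModule>
</config>
"""

NON_VALIDATING = "com.worklight.core.auth.ext.NonValidatingLoginModule"


def audit(xml_text):
    """Return (security test name, finding) pairs for one configuration document."""
    root = ET.fromstring(xml_text)
    # Map realm name -> login module name, and login module name -> class name.
    realms = {r.get("name"): r.get("loginModule") for r in root.iter("realm")}
    modules = {m.get("name"): (m.findtext("className") or "").strip()
               for m in root.iter("loginModule")}
    findings = []
    for test in root.iter("mobileSecurityTest"):
        name = test.get("name")
        if test.find("testAppAuthenticity") is not None:
            findings.append((name, "app-authenticity-needs-platform-setup"))
        for user in test.findall("testUser"):
            realm = user.get("realm")
            if realm not in realms:
                findings.append((name, "undefined-realm:" + str(realm)))
            elif realms[realm] not in modules:
                findings.append((name, "undefined-login-module:" + str(realms[realm])))
            elif modules[realms[realm]] == NON_VALIDATING:
                findings.append((name, "realm-accepts-any-credentials:" + realm))
    return findings
```

Run against the posted configuration, `audit(SAMPLE_CONFIG)` reports both the authenticity test and the non-validating realm for `BasicAuthTest`.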