TechQA.

Worklight Enterprise authentication issue with BB10

219 views Asked by At

I'm developing a bank app for a company using WL enterprise edition with version 6.2.0.1, I have deployed the WAR file for the application and implemented a securityTest for Mobile and Web.

Everything is working fine on iPhone, Android and web mobile.
However, when i try to connect through BB 10 (z10 or Q10) i'm getting this error on the server log.

Error log:

LoginContext E com.worklight.core.auth.impl.LoginContext processRequest FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule WLDeviceNoProvisioningLoginModule, User Identity Not available. [project MobileBanking] [project MobileBanking]

the authenticationConfig.xml is the following

<?xml version="1.0" encoding="UTF-8"?>


    <!-- Licensed Materials - Property of IBM
         5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
         US Government Users Restricted Rights - Use, duplication or
         disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->  

 <staticResources>
    <resource id="subscribeServlet" securityTest="SubscribeServlet">
        <urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
    </resource>

</staticResources> 

 <securityTests>
    <mobileSecurityTest name="MobileBankingTestMobile">
        <testDeviceId provisioningType="none" />
        <testDirectUpdate mode="perSession" />
    </mobileSecurityTest>

    <webSecurityTest name="MobileBankingTest">
        <testUser realm="MobileBankingRealm" />
    </webSecurityTest>

    <customSecurityTest name="SubscribeServlet">
        <test realm="SubscribeServlet" isInternalUserID="true"/>
    </customSecurityTest>           

</securityTests> 

<realms>
    <realm loginModule="BankingLoginModule" name="MobileBankingRealm">
        <className>com.worklight.integration.auth.AdapterAuthenticator</className>
        <parameter name="login-function" value="MBCAuthenticationAdapter.onAuthRequired" />
        <parameter name="logout-function" value="MBCAuthenticationAdapter.onLogout" />
    </realm>

    <!-- <realm name="SampleAppRealm" loginModule="StrongDummy">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
    </realm> -->

    <realm name="SubscribeServlet" loginModule="rejectAll">
        <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>          
    </realm>

    <!-- For client logger -->
    <!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
        <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
    </realm -->

    <!-- For websphere -->
    <!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
        <parameter name="login-page" value="/login.html"/>
        <parameter name="error-page" value="/loginError.html"/>
    </realm -->

    <!-- For User Certificate Authentication -->
    <!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
        <className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
        <parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
        <parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
        <parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/> 
        <parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
    </realm -->

    <!-- For Trusteer Fraud Detection -->
    <!-- Requires acquiring Trusteer SDK --> 
    <!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
        <className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
        <parameter name="rooted-device" value="block"/>
        <parameter name="device-with-malware" value="block"/>
        <parameter name="rooted-hiders" value="block"/>
        <parameter name="unsecured-wifi" value="alert"/>
        <parameter name="outdated-configuration" value="alert"/>
    </realm -->

</realms>

<loginModules>
    <loginModule name="BankingLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <!-- <loginModule name="StrongDummy">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <loginModule name="requireLogin">
        <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
    </loginModule> -->

    <loginModule name="rejectAll">
        <className>com.worklight.core.auth.ext.RejectingLoginModule</className>
    </loginModule>

    <!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->        
    <!-- loginModule name="trusteerFraudDetectionLogin">
        <className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
    </loginModule-->

    <!-- For websphere -->
    <!-- loginModule name="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
    </loginModule -->

    <!-- Login module for User Certificate Authentication -->
    <!-- <loginModule name="WLUserCertificateLoginModule">
        <className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
    </loginModule> -->


    <!-- For enabling SSO with no-provisioning device authentication -->
    <!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule> -->


    <!-- For enabling SSO with auto-provisioning device authentication -->
    <!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule> -->
</loginModules>

Application-descriptor.xml: I kept it the same with no changes than the original, I have changed the BB parameters for testing, each test is done separately, and the app is being deployed on BB10 Device for each change, but didn't work:

<android version="1.0">
    <worklightSettings include="true"/>
    <security>
        <encryptWebResources enabled="true"/>
        <testWebResourcesChecksum enabled="true" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
        <publicSigningKey/>
    </security>
</android>
<blackberry10 version="1.0"> </blackberry10>

How can I fix this issue? is there a certification needs to be installed on the WL enterprise server for BB? is there a fix for the realm issue for BB10.?

Thanks

ibm-mobilefirst blackberry-10 worklight-security
Original Q&A
1

There are 1 answers

0
Sami On

We have solved the issue by raising a PMR with IBM. They provided us with an update for Eclipse kepler containing the fix for the BB authentication and with 32 extra fixes.

Related Questions in IBM-MOBILEFIRST

Related Questions in BLACKBERRY-10

Related Questions in WORKLIGHT-SECURITY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions