mobilefirst 7.1身份验证不起作用

Posted 2023-02-25

【中文标题】mobilefirst 7.1身份验证不起作用

【英文标题】：mobilefirst 7.1 authentication not working

【发布时间】：2016-03-01 09:04:51

【问题描述】：

*编辑：一位 IBM 员工今天也拜访了我们，以了解这个问题。 我们没有解决问题，但我们认为问题的根源是别的。所以我会重写问题描述。

由于 appAuthenticityTest 失败，服务器拒绝连接。所以现在我们禁用了 appAuthenticityTest 来测试服务器配置。

但我们现在在日志中看到以下错误：

[3/4/16 16:12:06:529 CET] 000000a4 LoginContext  E com.worklight.core.auth.impl.LoginContext processRequest FWLSE0059E: Login into realm 'wl_authenticityLoginModule' failed. Missing app authenticity configuration parameters. [project mapruntime]
                                 com.worklight.gadgets.GadgetRuntimeException: Missing app authenticity configuration parameters
    at com.worklight.core.auth.ext.appauth.AuthenticityAuthenticatorImpl.processRequest(AuthenticityAuthenticatorImpl.java:82)
    at com.worklight.core.auth.ext.AuthenticityAuthenticator.processRequest(AuthenticityAuthenticator.java:79)
    at com.worklight.core.auth.impl.LoginContext.processRequest(LoginContext.java:212)
    at com.worklight.core.auth.impl.AuthenticationContext.checkAuthentication(AuthenticationContext.java:779)
    at com.worklight.core.auth.impl.AuthenticationContext.processRealms(AuthenticationContext.java:679)
    at com.worklight.core.auth.impl.AuthenticationContext.pushCurrentResource(AuthenticationContext.java:652)
    at com.worklight.core.auth.impl.AuthenticationServiceBean.accessResource(AuthenticationServiceBean.java:81)
    at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:228)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.worklight.analytics.AnalyticsFilter.doFilter(AnalyticsFilter.java:124)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:967)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1107)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3926)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1007)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:287)
    at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1049)
    at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInboundPostHandshake(SSLConnectionLink.java:717)
    at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyHandshakeCompletedCallback.complete(SSLConnectionLink.java:413)
    at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:1073)
    at com.ibm.ws.ssl.channel.impl.SSLHandshakeIOCallback.complete(SSLHandshakeIOCallback.java:87)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881)

[3/4/16 16:12:06:537 CET] 000000a4 LoginContext  E com.worklight.core.auth.impl.LoginContext processRequest FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule wl_authenticityLoginModule, User Identity Not available. [project mapruntime] [project mapruntime]

我的 application-descriptor.xml 包含：

<android securityTest="MAPCertLogin" version="1.0.4">
  <worklightSettings include="false"/>
  <pushSender key="**********" senderId="******"/>
  <compressWebResources enabled="true"/>
</android>
<common securityTest="MAPCertLogin"/>

我的 authenticationConfig.xml：

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <!-- Licensed Materials - Property of IBM
             5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
             US Government Users Restricted Rights - Use, duplication or
             disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
    <!---->
    <!--  Sample security tests  
         Even if not used there will be some default webSecurityTest and mobileSecurityTest 
         Attention: if using <testAppAuthenticity/> test below ,<publicSigningKey> element must be added to application-descriptor.xml as well. -->
    <securityTests>
        <mobileSecurityTest name="MAPCertLogin">    
            <testUser realm="MAPLoginRealm"/>   
            <testDirectUpdate mode="perRequest"/>
            <testDeviceId provisioningType="custom" realm="MAPLoginRealm"/>
            <!--  testAppAuthenticity  -->
        </mobileSecurityTest>
     <!--      
        <customSecurityTest name="PushSecurityTest">
            <test isInternalUserID="true" realm="MAPLoginRealm"/>
            <test isInternalDeviceID="true" realm="MAPLoginRealm" />
        </customSecurityTest>
        -->
    </securityTests>
    <realms>
        <realm loginModule="StrongDummy" name="SampleAppRealm">
            <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
        </realm>
        <realm loginModule="MAPLoginModule" name="MAPLoginRealm">
            <className>com.worklight.core.auth.ext.DeviceAutoProvisioningAuthenticator</className>
            <parameter name="validate-csr-function" value="Authenticator.validateCSR"/>
        </realm>
    </realms>
    <loginModules>
        <loginModule expirationInSeconds="-1" name="StrongDummy">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule>
        <loginModule expirationInSeconds="-1" name="requireLogin">
            <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
        </loginModule>
        <loginModule expirationInSeconds="-1" name="MAPLoginModule">
            <className>com.worklight.core.auth.ext.DeviceAutoProvisioningLoginModule</className>
            <parameter name="validate-certificate-function" value="Authenticator.validateCertificate"/>
        </loginModule>
    </loginModules>
</tns:loginConfiguration>

为什么在禁用 appAuthenticityTest 时出现“缺少应用真实性配置参数”错误？

问候， 斯蒂金

【问题讨论】：

以跟踪模式运行服务器并提供日志。你说的“没用”可能有用。因为它没有任何问题可以进一步推进。

您要我设置哪些痕迹？我确实将它设置为 *=all，最后在 4 分钟内得到了 7.5mb 的日志。您希望我如何与您共享日志？它是否包含不应在互联网上公开共享的信息？

我不知道。查看日志以查看它是否包含不应该存在的内容。您可以将其上传到任何文件托管服务 - 谷歌驱动器等。如果您不想共享它，那么我建议您删除此问题并改为打开 PMR。

一旦遇到错误就停止服务器以减少日志大小。

您提到 - “由于 appAuthenticityTest 失败，服务器拒绝连接。所以现在我们禁用了 appAuthenticityTest 来测试服务器配置。” a）当您拥有 appauthenticityTest 时，您是否已将公共签名密钥添加到应用程序描述符中？ b) 注释掉 appauthenticityTest 后，是否重新部署运行时并重新启动服务器以使更改生效？

【参考方案1】：

我认为发生此错误是因为您还尝试实施自定义设备配置，但​​是设备配置需要真实性...因此，请按照应用程序真实性教程修复您的真实性设置，或者同时删除设备配置定义。