PI26123: DIRECT UPDATE FAILS WHEN WORKING WITH AUTHENTICITY.

A fix is available

IBM Worklight Interim Fix README for 6.2.0.1

APAR status

Closed as program error.

Error description

direct update fails when working with authenticity.
The client will receive the following error:
HTTP/1.0 403 Forbidden
additional Keywords :
DirectUpdate,Authenticity


Worklight Versions Affected:
6.2
Initial Impact:
high

Local fix

replace the default mobileSecurityTest with a customSecurityTest
 in the authenicationConfig.xml.
Add steps to the different realms so that the that
wl_directUpdateRealm realm will be step 1 and the rest of the
realms will be step 2.
This way the direct update realm will be authenticated before
the rest of the realms.
For example:

<customSecurityTest name="mobileTest">
    <test realm="wl_antiXSRFRealm" step="2" />
    <test realm="wl_remoteDisableRealm" step="2" />
    <test realm="wl_authenticityRealm" step="2" />
    <test realm="wl_deviceNoProvisioningRealm"
isInternalDeviceID="true" step="2" />
    <test realm="wl_directUpdateRealm" step="1" />
    <test realm="AnyOtherRealm" isInternalUserID="true" step="2"
/>
</customSecurityTest>

Do not forget to indicate one realm as your isInternalDeviceID
and one realm as your isInternalUserID as shown above.

Problem summary

****************************************************************
* USERS AFFECTED:                                              *
* End users of Worklight with applications protected by both   *
* authenticity and direct update                               *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* If an application is protected by a security test containing *
* authenticity and direct update, when there is a direct       *
* update to download, the download of the update fails         *
* (because of authenticity).                                   *
* The client will receive the following error:                 *
* HTTP/1.0 403 Forbidden                                       *
****************************************************************
* RECOMMENDATION:                                              *
* -                                                            *
****************************************************************

Problem conclusion

The code was modified so that the download of the direct update
will work with authenticity, and not fail.

Temporary fix

Comments

APAR Information

APAR number
PI26123
Reported component name
WORKLIGHT ENTER
Reported component ID
5725I4300
Reported release
620
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-09-22
Closed date
2014-09-23
Last modified date
2014-09-23

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WORKLIGHT ENTER
Fixed component ID
5725I4300

Applicable component levels

R620 PSY
UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
14 October 2021

Tips

PI26123: DIRECT UPDATE FAILS WHEN WORKING WITH AUTHENTICITY.

A fix is available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R620 PSY

Document Information

Share your feedback

Need support?