We've installed the 32-bit RedHat Linux version of Worklight 5.0 server on a machine running Fedora, using Apache Derby as our database and WAS Libery as our server.
Everything seems to be working, except we can't get console security/authentication to happen. The console just lets us in without any username/password.
We tried a few things to get auhentication, and none of them worked:
1. Adding console.username and console.password to the worklight.properties file, as well as enabling the commented <staticResources> section in the authenticationConfig.xml, and making sure our WorklightConsole realm in authenticationConfig had a parameter pointing to a login page.
2. We also tried copy/pasting the +applicationcenter+'s security section in server.xml to the worklight application in server.xml, so we could at least have the same login on both the console and the application server.
3. Then we tried adding what quickStartSecurity.xml from /server/wlp/templates says to do to our server.xml under the worklight application. We also tried managementSecurity.xml's solution.
After each attempt, we restarted the worklight server and tried to go to console, but no authentication showed up. It just let us in.
Andy Joslin | Mobile Consultant | ClearBlade
This topic has been locked.
8 replies Latest Post - 2012-11-04T21:48:40Z by SystemAdmin
Pinned topic Worklight Console authentication on WAS Liberty Profile
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
VV3R_mordechai_taitelman 060000VV3R10 PostsACCEPTED ANSWER
Re: Worklight Console authentication on WAS Liberty Profile2012-07-31T05:25:37Z in response to andytjoslinWorklight console URL is just another URL in a web server.
There are plenty of non-Worklight solutions how to protect a URL in Tomcat, including those with a login form.
Bare in mind: the web.xml inside the Worklight customization WAR may need to be updated too.
My question: after every change you did in the worklight configuration , did you uploaded a new WAR file ? (or maybe you did live updates in tomcat/webapps/yourWAR/WEB-INF/... )
can you elaborate ?
Re: Worklight Console authentication on WAS Liberty Profile2012-07-31T10:48:29Z in response to andytjoslinHi
this works in my environment, so I will share with you.
1. Go to worklight_dir../server/wlp/usr/servers/worklightServer/apps, open worklight.war with a tool like 7ZIP, etc. Go to WEB-INF\classes\conf\
Uncomment the console related section
2. Edit worklight.properties in worklight.war. Go to WEB-INF\classes\conf\
Add console.username and console.password properties at the bottom
4. copy login.html file into worklight.war file in path: WEB-INF\classes\conf\
3. Save changes to both files, make sure that they were updated in worklight.war
Re: Worklight Console authentication on WAS Liberty Profile2012-10-04T21:16:42Z in response to SystemAdminI believe I have found it. Is it the one in Worklight/server/wlp/usr/shared/resources/lib/com/worklight/console/webapp for Liberty?
Re: Worklight Console authentication on WAS Liberty Profile2012-10-04T22:06:26Z in response to SystemAdminUpdate:
I am still not able to lock down the Console in a Liberty profile in a Ubuntu 12.04.1 LTS. I am using WL Server 126.96.36.199. Below are the steps I have taken:
In the /opt/IBM/Worklight/WorklightServer/WEB-INF/classes/conf folder I have the follow 3 files:
in authenticationConfig.xml I have
!-- Uncomment the next element to protect the worklight console -->
<realm name="WorklightConsole" loginModule="requireLogin">
<parameter name="login-page" value="/login.html" />
<loginModule name="requireLogin" canBeResourceLogin="true" isIdentityAssociationKey="true">
In worklight.properties I have:
Am I missing something?
bdodd 120000D8VC1 PostACCEPTED ANSWER
Re: Worklight Console authentication on WAS Liberty Profile2012-10-29T16:13:25Z in response to SystemAdminHi Ralph,
I see that you posted this a few weeks ago. Are you still having the issue?
If so, a couple of pointers. First, have a look at this post for the 188.8.131.52 config file updates:
Second, be sure to make the changes to authenticationConfig.xml and worklight.properties in the
deployed worklight.war file on the Liberty server. In other words, update those files in the
WEB-INF/classes/conf/ directory inside the worklight.war here:
Hope that helps. Reply back if you still have questions or problems.
Re: Worklight Console authentication on WAS Liberty Profile2012-11-04T21:48:40Z in response to bdoddThanks a ton Bill. Sorry not to reply sooner. I had this in the back burner, but I finally got to it today. Totally worked.
I was editing the files in the /opt/IBM/Worklight/WorklightServer/worklight.war. Not the ones you pointed out.
I also had not seen that post with the new language for the authenticationConfig.xml file.
Lastly, I was not properly building the war file back up. I was under the impression that the server would build it automatically once you restarted it.
However, now it is working perfectly.