8 replies Latest Post - ‏2012-11-04T21:48:40Z by SystemAdmin
andytjoslin
1 Post

Worklight Console authentication on WAS Liberty Profile

2012-07-30T20:07:18Z
We've installed the 32-bit RedHat Linux version of Worklight 5.0 server on a machine running Fedora, using Apache Derby as our database and WAS Liberty as our server.

Everything seems to be working, except we can't get console security/authentication to happen. The console just lets us in without any username/password.

We tried a few things to get authentication, and none of them worked:

1. Adding console.username and console.password to the worklight.properties file, as well as enabling the commented <staticResources> section in the authenticationConfig.xml, and making sure our WorklightConsole realm in authenticationConfig had a parameter pointing to a login page.
2. We also tried copy/pasting the applicationcenter's security section in server.xml to the worklight application in server.xml, so we could at least have the same login on both the console and the application server.
3. Then we tried adding what quickStartSecurity.xml from /server/wlp/templates says to do to our server.xml under the worklight application. We also tried managementSecurity.xml's solution.

After each attempt, we restarted the worklight server and tried to go to console, but no authentication showed up. It just let us in.

Any ideas?

Thanks,

Andy Joslin | Mobile Consultant | ClearBlade
  • VV3R_mordechai_taitelman
    10 Posts

    Re: Worklight Console authentication on WAS Liberty Profile

    ‏2012-07-31T05:25:37Z  in response to andytjoslin
    Worklight console URL is just another URL in a web server.
    There are plenty of non-Worklight solutions for protecting a URL in Tomcat, including those with a login form.
    Bear in mind: the web.xml inside the Worklight customization WAR may need to be updated too.

    My question: after every change you made in the Worklight configuration, did you upload a new WAR file? (Or maybe you did live updates in tomcat/webapps/yourWAR/WEB-INF/...)
    Can you elaborate?
  • SystemAdmin
    300 Posts

    Re: Worklight Console authentication on WAS Liberty Profile

    ‏2012-07-31T10:48:29Z  in response to andytjoslin
    Hi,
    This works in my environment, so I will share it with you.
    1. Go to worklight_dir../server/wlp/usr/servers/worklightServer/apps, open worklight.war with a tool like 7ZIP, etc. Go to WEB-INF\classes\conf\
    Edit authenticationConfig.xml
    Uncomment the console related section

    2. Edit worklight.properties in worklight.war. Go to WEB-INF\classes\conf\
    Add console.username and console.password properties at the bottom

    4. copy login.html file into worklight.war file in path: WEB-INF\classes\conf\

    3. Save changes to both files, make sure that they were updated in worklight.war
    Jelena
    • SystemAdmin
      300 Posts

      Re: Worklight Console authentication on WAS Liberty Profile

      ‏2012-10-04T21:09:24Z  in response to SystemAdmin
      Jelena, would you mind pointing out where the login.html page is, or do we have to code that ourselves?

      Ralph Pina
    • SystemAdmin
      300 Posts

      Re: Worklight Console authentication on WAS Liberty Profile

      ‏2012-10-04T21:16:42Z  in response to SystemAdmin
      I believe I have found it. Is it the one in Worklight/server/wlp/usr/shared/resources/lib/com/worklight/console/webapp for Liberty?

      Ralph Pina
      • SystemAdmin
        300 Posts

        Re: Worklight Console authentication on WAS Liberty Profile

        ‏2012-10-04T22:06:26Z  in response to SystemAdmin
        Update:

        I am still not able to lock down the Console in a Liberty profile on Ubuntu 12.04.1 LTS. I am using WL Server 5.0.0.3. Below are the steps I have taken:

        In the /opt/IBM/Worklight/WorklightServer/WEB-INF/classes/conf folder I have the following 3 files:

        authenticationConfig.xml
        index.html
        worklight.properties

        In authenticationConfig.xml I have:

        <!-- Uncomment the next element to protect the worklight console -->
        <staticResources>
          <resource id="worklightConsole">
            <urlPatterns>/console*</urlPatterns>
            <resourceRealm>WorklightConsole</resourceRealm>
          </resource>
        </staticResources>

        <realms>
          <realm name="WorklightConsole" loginModule="requireLogin">
            <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
            <parameter name="login-page" value="/login.html" />
            <onLoginUrl>/console</onLoginUrl>
          </realm>
        </realms>

        <loginModules>
          <loginModule name="requireLogin" canBeResourceLogin="true" isIdentityAssociationKey="true">
            <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
          </loginModule>
        </loginModules>

        In worklight.properties I have:

        console.username=username
        console.password=password

        Am I missing something?

        Ralph Pina
        • bdodd
          1 Post

          Re: Worklight Console authentication on WAS Liberty Profile

          ‏2012-10-29T16:13:25Z  in response to SystemAdmin
          Hi Ralph,

          I see that you posted this a few weeks ago. Are you still having the issue?

          If so, a couple of pointers. First, have a look at this post for the 5.0.0.3 config file updates:

          https://www.ibm.com/developerworks/forums/thread.jspa?threadID=456051&tstart=0

          Second, be sure to make the changes to authenticationConfig.xml and worklight.properties in the
          deployed worklight.war file on the Liberty server. In other words, update those files in the
          WEB-INF/classes/conf/ directory inside the worklight.war here:

          /opt/IBM/Worklight/server/wlp/usr/servers/worklightServer/apps/worklight.war

          Hope that helps. Reply back if you still have questions or problems.

          Thanks,
          Bill
          • SystemAdmin
            300 Posts

            Re: Worklight Console authentication on WAS Liberty Profile

            ‏2012-11-04T21:48:40Z  in response to bdodd
            Thanks a ton, Bill. Sorry not to reply sooner. I had this on the back burner, but I finally got to it today. Totally worked.

            I was editing the files in the /opt/IBM/Worklight/WorklightServer/worklight.war. Not the ones you pointed out.

            I also had not seen that post with the new language for the authenticationConfig.xml file.

            Lastly, I was not properly building the war file back up. I was under the impression that the server would build it automatically once you restarted it.

            However, now it is working perfectly.

            Ralph Pina
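
The thread's failure mode (edits that never reach the WAR the server actually loads, so the console stays open) can be checked by reading the configuration out of the archive itself. The following is an added example, not code from the thread or from IBM: `audit_console_auth` and `sample_war` are hypothetical names, the element names are the ones in the fragment quoted above (the 5.0.0.3 syntax in the linked post may differ), and the `<cfg>` root and sample credentials are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CONF = "WEB-INF/classes/conf/"  # config location inside worklight.war, per the thread

def audit_console_auth(war):
    """Return problems found in a worklight.war (path or file object); [] means OK."""
    with zipfile.ZipFile(war) as zf:
        found = {n: zf.read(CONF + n).decode("utf-8")
                 for n in ("authenticationConfig.xml", "worklight.properties")
                 if CONF + n in zf.namelist()}
    if len(found) < 2:
        return ["config files missing from " + CONF]
    problems = []
    root = ET.fromstring(found["authenticationConfig.xml"])  # parser drops XML comments
    for e in root.iter():
        e.tag = e.tag.rsplit("}", 1)[-1]  # ignore any XML namespace
    realms = {r.get("name") for r in root.iter("realm")}
    guarded = [r for r in root.iter("resource")
               if (r.findtext("urlPatterns") or "").strip().startswith("/console")]
    if not guarded:  # the block is still commented out, or was never added
        problems.append("no active <resource> protects /console*")
    for res in guarded:
        realm = (res.findtext("resourceRealm") or "").strip()
        if realm not in realms:
            problems.append(f"resource references undefined realm {realm!r}")
    pairs = (l.split("=", 1) for l in found["worklight.properties"].splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    props = {k.strip(): v.strip() for k, v in pairs}
    problems += [f"{k} is not set" for k in ("console.username", "console.password")
                 if not props.get(k)]
    return problems

def sample_war(auth_xml, props):
    """Constructed in-memory WAR for the demo; a real run passes the deployed file's path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CONF + "authenticationConfig.xml", auth_xml)
        zf.writestr(CONF + "worklight.properties", props)
    return io.BytesIO(buf.getvalue())

# Constructed sample: the thread's fragment (abridged) inside an assumed <cfg> root.
GUARD = ('<staticResources><resource id="worklightConsole"><urlPatterns>/console*</urlPatterns>'
         '<resourceRealm>WorklightConsole</resourceRealm></resource></staticResources>')
REALMS = '<realms><realm name="WorklightConsole" loginModule="requireLogin"/></realms>'

if __name__ == "__main__":  # shipped state: guard still commented out, no credentials set
    print(audit_console_auth(sample_war(f"<cfg><!-- {GUARD} -->{REALMS}</cfg>", "")))
```

Point it at the worklight.war under the server's apps directory that Bill identifies, since that is the copy Liberty serves; an empty list means the console guard and credentials are present in that archive.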