IBM Worklight - How to enable App Authenticity in

Published 2019-07-27 03:31

Question:

I tried to follow the tutorial at this URL. The tutorial is so straightforward, but I just couldn't get the correct outcome.

Below is my authenticationConfig.xml:

    <securityTests>
      <customSecurityTest name="custom-mobilesecurityTest">
        <test realm="wl_antiXSRFRealm" step="1"/>
        <test realm="wl_authenticityRealm" step="2"/>
        <test realm="HeaderAuthRealm" isInternalUserID="true" step="3"/>
      </customSecurityTest>
    </securityTests>

But the App Authentication shown in the console is always "Access Disabled"; I can't enable it. Am I missing anything here?

Answer 1:

It would be more helpful if you would mention what you've actually done, because configuring authenticationConfig.xml is only 1 step of several.

Also note that for App Authenticity to really work and not use a dummy implementation, you must use the Consumer edition of IBM Worklight (i.e., be a paying customer and install the correct version of Worklight Studio and Worklight Server).


I believe that for your problem, you have not done step 2 below.


Steps to enable App Authenticity:

  1. Configure a security test that has the wl_authenticityRealm realm:

    <customSecurityTest name="customTests">
         <test realm="wl_antiXSRFRealm" step="1"/>
         <test realm="wl_authenticityRealm" step="1"/>
         <test realm="wl_remoteDisableRealm" step="1"/>
         <test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
         <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
    </customSecurityTest>
    

    ^ This is mentioned in slide 9

  2. Place this securityTest on the environment(s) in application-descriptor.xml, for example:

    <android version="1.0" securityTest="customTests">
    
  3. For Android, generate the public signing key:

    <android version="1.0" securityTest="customTests">
            <worklightSettings include="true"/>
            <security>
                <encryptWebResources enabled="false"/>
                <testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
                <publicSigningKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBdfdsfdsfiQKBgQCPCbaCfAfnAqQ12/S5LLfA4cBz/3INyLRPhFGSVFztdWNzPhrna1xDc8/3V1sUIW2odfdfddfdfffdR2n3dAnNMVydfdfdfv68gmU5qVCN4LxSKKRAj7VVbhBxBIEt5MbY+c0o7NZ2Pgu/moJee8Wgu8veZ1TJntYn+cWCYuI/JSnA9nsskwhSdPHK32edsfsdfdfQIDAQAB</publicSigningKey>
            </security>
        </android>
    

    ^ This is mentioned in slides 10-13

  4. For iOS, place the app bundleId:

    <iphone bundleId="com.worklight.test" version="1.0" securityTest="customTests">

    ^ This is mentioned in slides 10-13

  5. Run As > Run on Worklight Development Server

Now the App Authenticity dropdown should be enabled for you in Worklight Console.
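
A configuration check for steps 1 to 4 above, as an added example that is not part of the original answer or of IBM's tooling: it confirms that each environment in application-descriptor.xml references a security test containing wl_authenticityRealm and carries its publicSigningKey or bundleId. The function names and the sample XML are constructed for illustration, and only the customSecurityTest, android and iphone elements shown on this page are assumed.

```python
import xml.etree.ElementTree as ET

AUTH_REALM = "wl_authenticityRealm"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def authenticity_tests(auth_config_xml):
    """Names of customSecurityTest elements that include wl_authenticityRealm."""
    names = set()
    for el in ET.fromstring(auth_config_xml).iter():
        if local(el.tag) == "customSecurityTest" and el.get("name"):
            realms = {t.get("realm") for t in el if local(t.tag) == "test"}
            if AUTH_REALM in realms:
                names.add(el.get("name"))
    return names

def check_descriptor(descriptor_xml, tests):
    """Return {environment: [problems]} for the android and iphone elements."""
    report = {}
    for env in ET.fromstring(descriptor_xml).iter():
        name = local(env.tag)
        if name not in ("android", "iphone"):
            continue
        problems = []
        if env.get("securityTest") not in tests:
            problems.append("securityTest does not reference an authenticity test")
        keys = [e.text for e in env.iter() if local(e.tag) == "publicSigningKey"]
        if name == "android" and not any((k or "").strip() for k in keys):
            problems.append("publicSigningKey missing or empty")
        if name == "iphone" and not env.get("bundleId"):
            problems.append("bundleId missing")
        report[name] = problems
    return report

# Constructed sample input modelled on the snippets in the answer; the android
# element deliberately lacks the securityTest attribute (step 2 not done).
AUTH_CONFIG = ('<securityTests><customSecurityTest name="customTests">'
               '<test realm="wl_authenticityRealm" step="1"/>'
               '</customSecurityTest></securityTests>')
DESCRIPTOR = ('<application>'
              '<iphone bundleId="com.worklight.test" version="1.0" securityTest="customTests"/>'
              '<android version="1.0"><security><publicSigningKey>PLACEHOLDER_KEY'
              '</publicSigningKey></security></android></application>')

if __name__ == "__main__":
    tests = authenticity_tests(AUTH_CONFIG)
    for env, problems in check_descriptor(DESCRIPTOR, tests).items():
        print(env, "OK" if not problems else problems)
```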