IBM Worklight - How to enable App Authenticity in

2019-07-27 03:11发布

站内问答 / 移动开发
1594 1 6

I tried to follow the tutorial at this url, the tutorial is so straight forward but I just couldn't get the correct outcome.

below is my authenticationConfig.xml

<securityTests>
  <customSecurityTest name="custom-mobilesecurityTest">
    <test realm="wl_antiXSRFRealm" step="1"/>
    <test realm="wl_authenticityRealm" step="2"/>
    <test realm="HeaderAuthRealm" isInternalUserID="true" step="3"/>
  </customSecurityTest>
</securityTests>

But the App Authentication appeared in console is always "Access Disabled", I can't enable it. Did I missing anything here?

enter image description here

1条回答
放荡不羁爱自由
2楼-- · 2019-07-27 03:39

It would be more helpful if you would mention what you've actually done, because configuring authenticationConfig.xml is only 1 step of several.

Also note that for App Authenticity to really work and not use dummy implementation, you must use the Consumer edition of IBM Worklight (i.e., be a paying customer and install the correct version of Worklight Studio and Worklight Server).


I believe that for your problem, you have not done step 2 below.


Steps to enable App Authenticity:

  1. Configure a security test that has the wl_authenticityRealm realm:

    <customSecurityTest name="customTests">
     <test realm="wl_antiXSRFRealm" step="1"/>
     <test realm="wl_authenticityRealm" step="1"/>
     <test realm="wl_remoteDisableRealm" step="1"/>
     <test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
     <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>

    ^ This is mentioned in slide 9

  2. Place this securityTest on the environment(s) in application-descriptor.xml, for example: 

    <android version="1.0" securityTest="customTests">

  3. For Android, generate the public signing key:

    <android version="1.0" securityTest="customTests">
        <worklightSettings include="true"/>
        <security>
            <encryptWebResources enabled="false"/>
            <testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
            <publicSigningKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBdfdsfdsfiQKBgQCPCbaCfAfnAqQ12/S5LLfA4cBz/3INyLRPhFGSVFztdWNzPhrna1xDc8/3V1sUIW2odfdfddfdfffdR2n3dAnNMVydfdfdfv68gmU5qVCN4LxSKKRAj7VVbhBxBIEt5MbY+c0o7NZ2Pgu/moJee8Wgu8veZ1TJntYn+cWCYuI/JSnA9nsskwhSdPHK32edsfsdfdfQIDAQAB</publicSigningKey>
        </security>
    </android>

    ^ This is mentioned in slides 10-13

  4. For iOS, place the app bundleId:

    <iphone bundleId="com.worklight.test" version="1.0" securityTest="customTests">

    ^ This is mentioned in slides 10-13

  5. Run As > Run on Worklight Development Server

Now the App Authenticity dropdown should be enabled for you in Worklight Console.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)