Authentication Worklight 6.2使用OpenDS对LDAP进行身份验证
我正在努力使用openDS实现ldap身份验证。我使用Worklight Studio 6.2和Apache DS 2.0作为ldap浏览器 项目应该调用一个登录页面,然后将用户名和密码提交给ldap进行身份验证 我在firefox控制台中遇到以下错误:Authentication Worklight 6.2使用OpenDS对LDAP进行身份验证,authentication,ldap,ibm-mobilefirst,local,opends,Authentication,Ldap,Ibm Mobilefirst,Local,Opends,我正在努力使用openDS实现ldap身份验证。我使用Worklight Studio 6.2和Apache DS 2.0作为ldap浏览器 项目应该调用一个登录页面,然后将用户名和密码提交给ldap进行身份验证 我在firefox控制台中遇到以下错误: POST http://x.x.x.x:10080/LDAPTest/apps/services/j_security_check [HTTP/1.1 200 OK 253ms] undefined entity j_security_chec
POST http://x.x.x.x:10080/LDAPTest/apps/services/j_security_check [HTTP/1.1 200 OK 253ms]
undefined entity j_security_check:134
在eclipse中的worklight控制台中:
[WARNING ] FWLSE0138W: LdapLoginModule authentication failed. Reason 'javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
[WARNING ] FWLSE0239W: Authentication failure in realm 'LDAPRealm': login fail [project LDAPTest]
我认为问题要么是我的连接字符串,要么是我的challange处理程序。但我怀疑,由于我的error是无效凭据,因此它必须是authenticationconfig.xml中的连接字符串
我尝试过几种方法,包括这里的一些帖子,例如:
还有其他的。我按照IBMLDAP示例进行了设置,并进行了检查以确保具有相同的结构
如果你能帮我解决这个问题,我将不胜感激。另外,如果你认为我应该检查我的LDAP配置,我也可以发布,我遵循了OpenDSWiki的教程。我能够使用apache browser studio和softera LDAP administrator连接到它
我的项目如下:-
index.html:
我的助手:
js文件
xml文件:
firefox控制台还返回用于j_seSecurity_检查的未定义实体和行号134,这在下面的代码段中是dic前的最后一行。
它所指的代码如下:
body onload="isPopup(); setFocus();">
<div id="authenticatorLoginFormWrapper">
<h1>IBM</h1>
<h2>IBM Worklight</h2>
<form method="post" action="j_security_check">
<p id="error">Please check the credentials</p>
<label for="j_username">User name:</label>
<input type="text" id="j_username" name="j_username" placeholder="User name" />
<br />
<label for="j_password">Password:</label>
<input type="password" id="j_password" name="j_password" placeholder="Password" />
<br />
<input type="submit" id="login" name="login" value="Log In" />
</form>
<p id="copyright">© 2006, 2012 IBM Corporation. <a href="#" target="_blank">Trademark</a></p>
</div>
您能否尝试消除设置中的一些变量,并作为第一步检查LDAP服务器是否正确配置 您可以使用以下选项:
要使用命令行工具简单地连接到ldap服务器,我遇到了一个类似的问题,在我的例子中,一个有效的配置是在authenticationConfig.xml文件中从simple移动到exists。 但特别是大跃进不再在ldapSecurityPrincipalPattern中使用uid,而是为用户使用cn 我粘贴下面的配置,希望它对您有用。请注意,在我的特定情况下,我设置了一个测试服务器corp.workgroup.com域:
<loginModules>
<loginModule expirationInSeconds="-1" name="LDAPLoginModule">
<className>com.worklight.core.auth.ext.LdapLoginModule</className>
<parameter name="ldapProviderUrl" value="ldap://yourserver" />
<parameter name="ldapTimeoutMs" value="2000" />
<parameter name="ldapSecurityAuthentication" value="simple" />
<parameter name="validationType" value="exists" />
<parameter name="ldapSecurityPrincipalPattern" value="cn={username},cn=Users,dc=corp,dc=workgroup,dc=com" />
<parameter name="ldapReferral" value="ignore" />
</loginModule>
我看不出马上有什么不对劲。你能把回复的内容贴出来吗?可能存在质询处理程序无法处理的隐藏错误。抱歉,Mike响应太晚,请查找上面作为编辑添加的j_security_检查的内容。我没有发现任何有用的东西。我一直在玩弄我的连接字符串,试图弄清楚问题是否在哪里,但还没有确定的答案
var LDAPRealmChallengeHandler = WL.Client.createChallengeHandler("LDAPRealm");
LDAPRealmChallengeHandler.isCustomResponse = function(response) {
if (!response || !response.responseText) {
WL.Logger.info('failed to authenticate');
}
var idx = response.responseText.indexOf("j_security_check");
if (idx >= 0){
WL.Logger.info("Authenticated");
return true;
}
return false;
};
LDAPRealmChallengeHandler.handleChallenge = function(response){
$('#AppDiv').hide();
$('#AuthDiv').show();
$('#passwordInputField').val('');
};
$('#loginButton').bind('click', function () {
var reqURL = '/j_security_check';
var options = {};
options.parameters = {
j_username : $('#usernameInputField').val(),
j_password : $('#passwordInputField').val()
};
options.headers = {};
LDAPRealmChallengeHandler.submitLoginForm(reqURL, options, LDAPRealmChallengeHandler.submitLoginFormCallback);
});
$('#cancelButton').bind('click', function () {
$('#AppDiv').show();
$('#AuthDiv').hide();
LDAPRealmChallengeHandler.submitFailure();
});
LDAPRealmChallengeHandler.submitLoginFormCallback = function(response) {
var isLoginFormResponse = LDAPRealmChallengeHandler.isCustomResponse(response);
if (isLoginFormResponse){
LDAPRealmChallengeHandler.handleChallenge(response);
} else {
$('#AppDiv').show();
$('#AuthDiv').hide();
LDAPRealmChallengeHandler.submitSuccess();
}
};
function getSecretData(){
console.log("getting you secrets mofos");
return {secretData: 1234};
}
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2011, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
-->
<wl:adapter name="LDAPter"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wl="http://www.worklight.com/integration"
xmlns:http="http://www.worklight.com/integration/http">
<displayName>LDAPter</displayName>
<description>LDAPter</description>
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>http</protocol>
<domain>none</domain>
<port>80</port>
</connectionPolicy>
<loadConstraints maxConcurrentConnectionsPerNode="2" />
</connectivity>
<procedure name="getSecretData" securityTest="LDAPSecurityTest" />
</wl:adapter>
The authenticationConfig.xml:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM 5725-I43 (C) Copyright IBM Corp.
2006, 2013. All Rights Reserved. US Government Users Restricted Rights -
Use, duplication or disclosure restricted by GSA ADP Schedule Contract with
IBM Corp. -->
<staticResources>
<!-- <resource id="logUploadServlet" securityTest="LogUploadServlet"> <urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource> -->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests Even if not used there will be some default webSecurityTest
and mobileSecurityTest Attention: If you are adding an app authenticity realm
to a security test, you must also update the application-descriptor.xml.
Please refer to the user documentation on application authenticity for environment
specific guidelines. -->
<securityTests>
<customSecurityTest name="LDAPSecurityTest">
<test isInternalUserID="true" realm="LDAPRealm" />
</customSecurityTest>
<!-- <mobileSecurityTest name="mobileTests"> <testAppAuthenticity/> <testDeviceId
provisioningType="none" /> <testUser realm="myMobileLoginForm" /> <testDirectUpdate
mode="perSession" /> </mobileSecurityTest> <webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/> </webSecurityTest> <customSecurityTest
name="customTests"> <test realm="wl_antiXSRFRealm" step="1"/> <test realm="wl_authenticityRealm"
step="1"/> <test realm="wl_remoteDisableRealm" step="1"/> <test realm="wl_directUpdateRealm"
mode="perSession" step="1"/> <test realm="wl_anonymousUserRealm" isInternalUserID="true"
step="1"/> <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true"
step="2"/> </customSecurityTest> <customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/> <test realm="LogUploadServlet"
isInternalUserID="true"/> </customSecurityTest> -->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true" />
</customSecurityTest>
</securityTests>
<realms>
<realm loginModule="LDAPLoginModule" name="LDAPRealm">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
<onLoginUrl>/console</onLoginUrl>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy"> <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule"> <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/> <parameter name="error-page"
value="/loginError.html"/> </realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" /> <parameter
name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI"
/> <parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword"
/> </realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/> <parameter name="device-with-malware"
value="block"/> <parameter name="rooted-hiders" value="block"/> <parameter
name="unsecured-wifi" value="alert"/> <parameter name="outdated-configuration"
value="alert"/> </realm -->
</realms>
<loginModules>
<loginModule name="LDAPLoginModule">
<className>com.worklight.core.auth.ext.LdapLoginModule</className>
<parameter name="ldapProviderUrl" value="ldap://localhost:389/dc=sigma,dc=com" />
<parameter name="ldapTimeoutMs" value="2000"/>
<parameter name="ldapSecurityAuthentication" value="simple"/>
<parameter name="validationType" value="searchPattern"/>
<parameter name="ldapSecurityPrincipalPattern" value="uid={username},ou=users,dc=sigma,dc=com"/>
<parameter name="ldapSearchFilterPattern" value="(uid={username})"/>
<parameter name="ldapSearchBase" value="ou=users,dc=sigma,dc=com"/>
</loginModule>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin"> <className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule -->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule"> <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule"> <className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
Request URL: http://x.x.x.x:10080/LDAPTest/apps/services/j_security_check
Request Method: POST
Status Code: HTTP/1.1 200 OK
Request Headers 12:47:00.000
x-wl-app-version: 1.0
x-wl-analytics-tracking-id: a948e425-1ace-a28b-3d27-11bac5ba3de3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Referer: http://10.2.38.14:10080/LDAPTest/apps/services/preview/LDAPTest/common/0/default/index.html
Pragma: no-cache
Host: 10.2.38.14:10080
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 37
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Accept: text/javascript, text/html, application/xml, text/xml, */*
Sent Cookie
WL_PERSISTENT_COOKIE: b24de65a-9c5a-4f58-97d7-348e92c78034
testcookie: oreo
LtpaToken2: rZBXVP4XKLnpvJpLFrp3UArtZGrcsGAXr4jGDTBurns9Ej5Nrx1s4/yWsDJJN6xfWkxWh1/3bBruHvL9twdae1qVcE2/D/0GfMwd1pVLbpowclNLFtqKBonEXxV6TlFIVaKgKz62SHR2to3Az/vbTjF+ZH8V1QnAdGi6dC8mk+wympju0P/4hLKWHseN9Sty2UM94cL2Cd+vcBGhJ5QVF211RIwQTXuGeQl+WMTg6B8Kfjlvly4sanyVr5va2AW38752VNEWtdnsrTHcayO/lAG1SyebFEKtaTVZhOPBkml5m6AojEGlDbcUjjof6e9H
JSESSIONID: 0000QTvrT7OBSgjn7OJG9XPMtIE:b45f2ac7-fb59-4da4-b233-f8bc81b81cf0
Response Headers Δ315ms
X-Powered-By: Servlet/3.0
Transfer-Encoding: chunked
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Expires: -1
Date: Mon, 10 Nov 2014 11:47:00 GMT
Content-Language: en-US
body onload="isPopup(); setFocus();">
<div id="authenticatorLoginFormWrapper">
<h1>IBM</h1>
<h2>IBM Worklight</h2>
<form method="post" action="j_security_check">
<p id="error">Please check the credentials</p>
<label for="j_username">User name:</label>
<input type="text" id="j_username" name="j_username" placeholder="User name" />
<br />
<label for="j_password">Password:</label>
<input type="password" id="j_password" name="j_password" placeholder="Password" />
<br />
<input type="submit" id="login" name="login" value="Log In" />
</form>
<p id="copyright">© 2006, 2012 IBM Corporation. <a href="#" target="_blank">Trademark</a></p>
</div>
<loginModules>
<loginModule expirationInSeconds="-1" name="LDAPLoginModule">
<className>com.worklight.core.auth.ext.LdapLoginModule</className>
<parameter name="ldapProviderUrl" value="ldap://yourserver" />
<parameter name="ldapTimeoutMs" value="2000" />
<parameter name="ldapSecurityAuthentication" value="simple" />
<parameter name="validationType" value="exists" />
<parameter name="ldapSecurityPrincipalPattern" value="cn={username},cn=Users,dc=corp,dc=workgroup,dc=com" />
<parameter name="ldapReferral" value="ignore" />
</loginModule>