Ibm mobilefirst Worklight企业身份验证问题与BB10

Ibm mobilefirst Worklight企业身份验证问题与BB10,ibm-mobilefirst,blackberry-10,worklight-security,Ibm Mobilefirst,Blackberry 10,Worklight Security,我正在为一家使用WL enterprise edition 6.2.0.1版的公司开发银行应用程序, 我已经为应用程序部署了WAR文件,并为Mobile和Web实现了安全测试 在iPhone、Android和web mobile上一切正常。 然而,当我尝试通过BB 10(z10或Q10)连接时,我在服务器日志中发现了这个错误 错误日志: LoginContext E com.worklight.core.auth.impl.LoginContext processRequest FWLSE011

我正在为一家使用WL enterprise edition 6.2.0.1版的公司开发银行应用程序, 我已经为应用程序部署了WAR文件,并为Mobile和Web实现了安全测试

在iPhone、Android和web mobile上一切正常。
然而,当我尝试通过BB 10(z10或Q10)连接时,我在服务器日志中发现了这个错误

错误日志:

LoginContext E com.worklight.core.auth.impl.LoginContext processRequest FWLSE0117E:错误代码:4,错误描述: 身份验证\u错误,错误消息:验证时发生错误 使用loginModule执行身份验证 WLDeviceProvisioningLogginModule,用户标识不可用。 [移动银行项目][移动银行项目]

authenticationConfig.xml如下所示

<?xml version="1.0" encoding="UTF-8"?>


/订阅MS*/接收短信*/ussd*

com.worklight.integration.auth.AdapterAuthenticator
com.worklight.core.auth.ext.HeaderAuthenticator
com.worklight.core.auth.ext.NonValidatingLoginModule
com.worklight.core.auth.ext.RejectingLoginModule

Application-descriptor.xml: 我保持原样,和原样一样, 我已经更改了BB参数以进行测试,每个测试都是单独进行的,并且每次更改都会在BB10设备上部署应用程序,但不起作用:

<android version="1.0">
    <worklightSettings include="true"/>
    <security>
        <encryptWebResources enabled="true"/>
        <testWebResourcesChecksum enabled="true" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
        <publicSigningKey/>
    </security>
</android>
<blackberry10 version="1.0"> </blackberry10>

如何解决此问题?是否需要在WL enterprise server上为BB安装认证?BB10的领域问题有解决方案吗


谢谢

我们通过向IBM提出PMR解决了这个问题。
他们为我们提供了Eclipse kepler的更新,其中包含BB身份验证的修复程序和32个额外的修复程序。

BB10的application-descriptor.xml设置应该与iPhone和Android相同。如果您可以提供一个更完整的示例,我们可以尝试重新创建此错误。相同的设置是什么意思?使用的安全测试。我已更新了身份验证配置和应用程序描述,请检查它。
 <securityTests>
    <mobileSecurityTest name="MobileBankingTestMobile">
        <testDeviceId provisioningType="none" />
        <testDirectUpdate mode="perSession" />
    </mobileSecurityTest>

    <webSecurityTest name="MobileBankingTest">
        <testUser realm="MobileBankingRealm" />
    </webSecurityTest>

    <customSecurityTest name="SubscribeServlet">
        <test realm="SubscribeServlet" isInternalUserID="true"/>
    </customSecurityTest>           

</securityTests> 

<realms>
    <realm loginModule="BankingLoginModule" name="MobileBankingRealm">
        <className>com.worklight.integration.auth.AdapterAuthenticator</className>
        <parameter name="login-function" value="MBCAuthenticationAdapter.onAuthRequired" />
        <parameter name="logout-function" value="MBCAuthenticationAdapter.onLogout" />
    </realm>

    <!-- <realm name="SampleAppRealm" loginModule="StrongDummy">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
    </realm> -->

    <realm name="SubscribeServlet" loginModule="rejectAll">
        <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>          
    </realm>

    <!-- For client logger -->
    <!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
        <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
    </realm -->

    <!-- For websphere -->
    <!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
        <parameter name="login-page" value="/login.html"/>
        <parameter name="error-page" value="/loginError.html"/>
    </realm -->

    <!-- For User Certificate Authentication -->
    <!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
        <className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
        <parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
        <parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
        <parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/> 
        <parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
    </realm -->

    <!-- For Trusteer Fraud Detection -->
    <!-- Requires acquiring Trusteer SDK --> 
    <!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
        <className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
        <parameter name="rooted-device" value="block"/>
        <parameter name="device-with-malware" value="block"/>
        <parameter name="rooted-hiders" value="block"/>
        <parameter name="unsecured-wifi" value="alert"/>
        <parameter name="outdated-configuration" value="alert"/>
    </realm -->

</realms>

<loginModules>
    <loginModule name="BankingLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <!-- <loginModule name="StrongDummy">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <loginModule name="requireLogin">
        <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
    </loginModule> -->

    <loginModule name="rejectAll">
        <className>com.worklight.core.auth.ext.RejectingLoginModule</className>
    </loginModule>

    <!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->        
    <!-- loginModule name="trusteerFraudDetectionLogin">
        <className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
    </loginModule-->

    <!-- For websphere -->
    <!-- loginModule name="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
    </loginModule -->

    <!-- Login module for User Certificate Authentication -->
    <!-- <loginModule name="WLUserCertificateLoginModule">
        <className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
    </loginModule> -->


    <!-- For enabling SSO with no-provisioning device authentication -->
    <!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule> -->


    <!-- For enabling SSO with auto-provisioning device authentication -->
    <!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule> -->
</loginModules>
<android version="1.0">
    <worklightSettings include="true"/>
    <security>
        <encryptWebResources enabled="true"/>
        <testWebResourcesChecksum enabled="true" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
        <publicSigningKey/>
    </security>
</android>
<blackberry10 version="1.0"> </blackberry10>