CODEWITHSUNDEEP
ibm-mobilefirstmobilefirst-adaptersmobilefirst-server
Nick H
Nick H

Reputation: 8992

IBM MobileFirst 7.1 - WL.Server.getActiveUser returning null immediately after being set

Here is the code I am working with

function createUser(realm, userid, displayName, sessionToken, devicePrint){
    var userIdentity = {
            'userId' : userid,
            'displayName' : displayName, 
            attributes: {
                'credentials' : sessionToken,
                'authenticatedDate' : new Date(),
                'devicePrint' : devicePrint
            }
    };

    LOG.info("Realm = " + realm + "\n UserIdentity = " + JSON.stringify(userIdentity));

    WL.Server.setActiveUser(realm, null);
    WL.Server.setActiveUser(realm, userIdentity);

    var user = WL.Server.getActiveUser(realm);
    LOG.info("User = " + JSON.stringify(user));
}

Everything looks good when I call WL.Server.setActiveUser(realm, userIdentity); (Params are all populated and look correct). Immediately after I call WL.Server.getActiveUser on that same exact realm, it is returning null.

I suspect session independent mode, but I have confirmed it is set to false.

mfp.session.independent=false
mfp.attrStore.type=httpsession

This is my procedures XML congifuration (the procedure that calls the createUser() function)

<procedure name="validateUserId" securityTest="wl_unprotected">
    <displayName>Validate UserID</displayName>
</procedure>

What else could it be?

Edit: authenticationConfig.xml

    <realms>
        <!-- Realm used once authentication completes -->
        <realm loginModule="CustomMFALoginModule" name="CustomMFAAuthenticatorRealm">
            <className>com.worklight.integration.auth.AdapterAuthenticator</className>
            <parameter name="login-function" value="AuthAdapter.onAuthRequired"/>
            <parameter name="logout-function" value="AuthAdapter.logout"/>
        </realm>

        <!-- Realm used on validate user and challenge calls from MFA -->
        <realm loginModule="CustomMFAInitLoginModule" name="CustomMFAAuthenticatorInitRealm">
            <className>com.worklight.integration.auth.AdapterAuthenticator</className>
            <parameter name="login-function" value="AuthAdapter.onAuthRequired"/>
            <parameter name="logout-function" value="AuthAdapter.logout"/>
        </realm>

        <realm loginModule="StrongDummy" name="SampleAppRealm">
            <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
        </realm>

        <realm loginModule="rejectAll" name="SubscribeServlet">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>          
        </realm>                
    </realms>

    <loginModules>
        <loginModule expirationInSeconds="-1" name="CustomMFALoginModule">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule>

        <loginModule expirationInSeconds="-1" name="CustomMFAInitLoginModule">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule>

        <loginModule expirationInSeconds="-1" name="StrongDummy">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule>

        <loginModule expirationInSeconds="-1" name="requireLogin">
            <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
        </loginModule>

        <loginModule expirationInSeconds="-1" name="rejectAll">
            <className>com.worklight.core.auth.ext.RejectingLoginModule</className>
        </loginModule>              
    </loginModules>

SecurityTests

    <securityTests>
        <customSecurityTest name="MFAAuthenticated-securityTest">
            <test realm="wl_authenticityRealm" step="1"/>
            <test isInternalUserID="true" realm="CustomMFAAuthenticatorRealm" step="1"/>
        </customSecurityTest>

        <customSecurityTest name="SubscribeServlet">
            <test isInternalUserID="true" realm="SubscribeServlet"/>
        </customSecurityTest>
     </securityTests>

Upvotes: 0

Views: 551

Answers (1)

Nazmul Hasan
Nazmul Hasan

Reputation: 10590

Well , could you try to download MFP The latest from fix center http://www-01.ibm.com/support/docview.wss?uid=swg2C7000003 .

Hopefully that will be fixes otherwise you should be handled as a PMR (support ticket). Once you open the PMR, please mention its number in the question.

UPDATE

for session independent mode,

mfp.session.independent=false
mfp.attrStore.type=httpsession

Browser not work perfectly better use desktop browser to test

The other thing is that, To test, you need to use either simulators/emulators or physical devices.

Upvotes: 0

Related Questions