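Worklight antXSFRealm login failed after authentication to DataPower
I recently changed the authentication mechanism to DataPower LTPA authentication. The auth itself works fine, but when I try to access the first adapter after login (my request includes the LTPA token cookie), it fails with the following message: "wl_antiXSRFRealm": { "reason": "Login Failed"}
wl_antiXSRFRealm returns the userId in the /init call. Am I missing something?
Environment details: running Worklight 6.0.0.2 in the common preview environment.
Authentication configuration: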
<realm loginModule="WASLTPAModule" name="DataPowerRealm">
    <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
    <parameter name="login-page" value="/login.html" />
    <parameter name="error-page" value="/loginError.html" />
</realm>
<loginModule name="WASLTPAModule">
    <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
    <parameter name="httponly-cookie" value="true" />
    <parameter name="cookie-name" value="LtpaToken2" />
</loginModule>
<securityTests>
    <customSecurityTest name="ldapSecTest">
        <test realm="DataPowerRealm" step="1" />
        <test isInternalUserID="true" realm="LdapAdapterRealm" step="2" />
    </customSecurityTest>
    <customSecurityTest name="DataPowerAuth">
        <test realm="DataPowerRealm" step="1" isInternalUserID="true" />
    </customSecurityTest>
</securityTests>
Update: response data from the server
Remote Address:10.2.163.199:445
Request URL:http://10.2.163.199:445/worklight/apps/services/api/SmartServices/common/query
Request Method:POST
Status Code:403 Forbidden
Request Headers
Accept:text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding:gzip,deflate
Accept-Language:en-US
Connection:keep-alive
Content-Length:197
Content-type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:LtpaToken2=uu9ac1LdsZ6afuLZ5Bzb8Eh29wGRa8SZ67Mp8oX5k+3Q5Vy3YkNpb69XeHDjkYRQRLFu2HQ9YMMfvNtPCyD67CvsUejRju5M2WH77YxQhMwWGxVGL6etLiQJm/1zILpyqiXBT9ubpjlLC5M2ogvklFmkboHxrEVhS2WYTcuBVmlQMyHNvWPYQ85GC+F70V/7MMvoyVCslD4nvYQgnEQl/NdKAVtb4HjUylIkUpYzERW9mvQe7DXM6uez7U2TM9Z6wIykTWL+flmzp48QM7RsTUW71F3DJ9+odoqdOfKOvv0/0/TAcx7k5p50FpItnRLSXAkckSoRAVgEm2BRzWq6RJwAjJhLQkz88dtPzJhrP2U=; WL_PERSISTENT_COOKIE=3ea0b226-fe49-4675-ac80-8c6f2d370f26; forms.MobileGateway_HTMLFormLoginAAA.session=8DDBA0B2B0722B28C41750077EBDE8E1265752C4PHNlc3Npb24tY29va2llPjxjb29raWUtbmFtZT5mb3Jtcy5Nb2JpbGVHYXRld2F5X0hUTUxGb3JtTG9naW5BQUEuc2Vzc2lvbjwvY29va2llLW5hbWU+PGNyZWF0ZWQ+MjAxNC0xMS0yMFQxMjo0NTo1OFo8L2NyZWF0ZWQ+PHJlZnJlc2hlZD4yMDE0LTExLTIwVDEyOjQ1OjU4WjwvcmVmcmVzaGVkPjxtaWdyYXRpb24vPjxrZXk+QkZGMjlCNjMyQ0E0NUEwRDQ3NEMwRjcxQkIzMDM3RUFEM0JFNDU5RTwva2V5Pjwvc2Vzc2lvbi1jb29raWU+; JSESSIONID=00000cRvoMiUcoF0mcO_CJv4M11:-1; testcookie=oreo; LtpaToken=me/P4T9tNq2EckeC/NxQsTedAT+ugUHGjtoPE4gMz2l9eaHlbIX44J2guaaTjfCJIjWBjaPX8jeQRMbSEQXk0qFrDzqT9NvJlEMEbz7qXq/zhbyE1oV5fA1f2gRJGbk+y3tILSf1fDvKtUrZVrXwhk9ARTi0vzAOIV9sVfDKMb++6ULhmwQLOumaQMrWWAyJP4Y44MzxK5o/xr4XaEwJQRaqj32np72Qws3zwkmqK1hAo2rjDRXb/WTvisFxA7IdMBrvHkjGTCtCyDUhd/nFXSKg1j17ylpz544wEGh2Y5UJTBEhjj5vr91FeCrPUTw6lbWzwXJk54Do8xD8vkggPqc24gzdZT9EUa+0vl213m6hl1LGdfj3aKbwS0BddeXhZ5sEB+DAJP5Vx0/w9nH2hbI/Vjo4zC0ZvZIfCK65rK0FthxKKOQC580Ta1+1LxXbOFoUwntDAE0odbw1IG4zx5DMCPuNzXB81nP0MZnLiBcQH9zU7Rp6EdIZ5UJoCnwSe54CxlRf3fIwk3VUZmCfeIE2eoUTCnTDvghAF3peG1fuNW6yE8v0X6fpkse3bamEnlNP/Exkjb+sdSK9xTWkPg1qcM43bYL0FNeSzlA8K71moxLcfounXaf47AhwoRrbdMYcx1KMUxjD/FDwmX2r6I/A4KrkwA2ay53P2AeQVbA=
Host:10.2.163.199:445
Origin:http://10.2.163.199:445
Referer:http://10.2.163.199:445/worklight/apps/services/preview/SmartServices/common/0/default/login.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36
WL-Instance-Id:hd5rku2a9ioc4f5m6oorc6frm0
X-Requested-With:XMLHttpRequest
x-wl-app-version:1.0
x-wl-platform-version:6.0.0
Form Data
adapter:SecureDashBoardAdapter
procedure:autoLogin
parameters:["","",true]
__wl_deviceCtxVersion:-1
__wl_deviceCtxSession:78983441416487555728
isAjaxRequest:true
x:0.620181588223204
Response Headers
Cache-Control:no-cache, no-store, must-revalidate
Connection:Keep-Alive
Content-Language:en-US
Content-Type:application/json; charset=UTF-8
Date:Thu, 20 Nov 2014 12:51:53 GMT
Expires:Sat, 26 Jul 1997 05:00:00 GMT
P3P:policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Transfer-Encoding:chunked
X-Backside-Transport:FAIL FAIL
X-Client-IP:10.10.30.152
X-Powered-By:Servlet/3.0
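Always state full details about the environment in the question, such as the device OS, Worklight version and build number. How are you applying the security test, and what is the security test? Please edit the question with these details.
@IdanAdar done, kindly advise
If there is no problem with the security test, you can just rename WASLTPARealm to DataPowerAuth. To use DataPower as the authentication server and do SSO with the Worklight server, the Worklight server must be WebSphere Application Server (or WebSphere Liberty profile), and the Worklight server must be configured with the same user registry as DataPower.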
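A consistency check for the authentication configuration posted in the question, as an added example that is not part of the original thread or of Worklight itself: it reports realms, login modules and security-test steps whose names do not resolve within the text it is given. The `<authConfig>` wrapper, the function name `lint_auth_config` and the rule that one realm per security test carries `isInternalUserID` are assumptions of this example; the sample is the question's fragment with its `<parameter>` lines left out.

```python
import xml.etree.ElementTree as ET

# Constructed input: the fragments posted in the question, wrapped in a
# hypothetical <authConfig> root so they parse as a single document.
SAMPLE = """<authConfig>
<realm loginModule="WASLTPAModule" name="DataPowerRealm">
  <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
</realm>
<loginModule name="WASLTPAModule">
  <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule>
<securityTests>
  <customSecurityTest name="ldapSecTest">
    <test realm="DataPowerRealm" step="1" />
    <test isInternalUserID="true" realm="LdapAdapterRealm" step="2" />
  </customSecurityTest>
  <customSecurityTest name="DataPowerAuth">
    <test realm="DataPowerRealm" step="1" isInternalUserID="true" />
  </customSecurityTest>
</securityTests>
</authConfig>"""


def lint_auth_config(xml_text):
    """Return findings about names that do not resolve inside xml_text."""
    root = ET.fromstring(xml_text)
    realms = {r.get("name"): r.get("loginModule") for r in root.iter("realm")}
    modules = {m.get("name") for m in root.iter("loginModule")}
    findings = []
    for realm, module in realms.items():
        if module not in modules:
            findings.append(f"realm {realm}: loginModule {module} is not defined")
    for sec_test in root.iter("customSecurityTest"):
        name = sec_test.get("name")
        tests = sec_test.findall("test")
        for t in tests:
            if t.get("realm") not in realms:
                findings.append(f"{name}: realm {t.get('realm')} is not defined")
        # Assumption: one realm per security test carries the user identity.
        user_id = [t for t in tests if t.get("isInternalUserID") == "true"]
        if len(user_id) != 1:
            findings.append(f"{name}: {len(user_id)} realms have isInternalUserID")
    return findings


if __name__ == "__main__":
    for finding in lint_auth_config(SAMPLE):
        print(finding)
```

On the posted fragment the only finding is that `LdapAdapterRealm` is referenced by `ldapSecTest` but not defined in the excerpt; it may be defined elsewhere in the full file.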