I created a Standard Fusion Web Application with Basic Authentication to serve as Application Login Server. When I use a browser to open the URL I get the prompt for username and password and can access the page.
Now I enabled the security of my mobile app in the adfmf-application.xml and enabled the security for my feature in the adfmf-feature.xml. When I open the application, I get the prompt for username and password. But every time I try to log in, I get an "Invalid username/password" error message.
Hi, Enno, sorry about the delay in response. Just to double check - when you try to access this site on your desktop browser, you are getting the default browser Basic HTTP Auth dialog box, correct? You are not using a login page, correct?
Assuming that's the case, have you upgraded your extension to the Update 1 build that became available about 2 weeks ago? There are some security-related fixes in the update that might help.
Also, some other things to double check:
- Try cookie name JSESSIONID - I typically use the all upper case version of the name. You may want to double check the cookie name that gets returned from the REST service, to make sure the name is correct. It is most likely JSESSIONID.
- There are two entries for the login server - that should not matter but you may want to clean one up.
- The security realm: is it myrealm or is it jazn.com? It is specified in the URL DC - probably does not matter but good to double check.
Please let me know if any of that made a difference.
Hi, Enno, another item that we perhaps mis-documented is the importance of having "credentialStoreKey" setting match "adfCredentialStoreKey" setting in the URL Connection and in the Login Server settings. They should be the same, or it may also cause security issues.
We are also trying to enable security using the default login feature in ADF Mobile. The steps we did so far:
1. Created a sample ADF application with login.jsf and logout.jsf
2. Deployed the Sample ADF application to the embedded WebLogic server
3. After deployment, we mapped the deployed application URL (URL of the login / logout page) in the adfmf-application.xml while defining the connection.
4. The test connection to the URL works fine. Also under Security tab, default option is selected for the login page.
5. Now we run the application and it displays the default login page. We are good so far.
The problem which we are facing is in terms of understanding how to add users, and which credential store to map to at run time. As the security uses any HTTP authentication, in this case it looks like it uses the default security realm of the embedded WebLogic server, i.e. myrealm.
Is our understanding correct?
Second thing is, in the Application Server Login connection, what should be the Access Control URL under the Authorization tab?
In the same post it is also suggested to use adfCredentialStore; can you please provide inputs in this regard?