
Worklight antiXSRFRealm login failure after authenticating against DataPower

I recently changed the authentication mechanism to DataPower LTPA authentication. The auth itself works fine, but when attempting to access the first adapter after login (my request contains an LTPA token cookie), it fails with this message: "wl_antiXSRFRealm":{"reason":"Login Failed"}

The wl_antiXSRFRealm is returning a userId on the /init call. Am I missing something?

Environment details: Worklight 6.0.0.2 running on the common preview environment.

Authentication configuration:

<realm loginModule="WASLTPAModule" name="DataPowerRealm">
    <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
    <parameter name="login-page" value="/login.html" />
    <parameter name="error-page" value="/loginError.html" />
</realm>

<loginModule name="WASLTPAModule">
    <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
    <parameter name="httponly-cookie" value="true" />
    <parameter name="cookie-name" value="LtpaToken2" />
</loginModule>

<securityTests>
    <customSecurityTest name="ldapSecTest">
        <test realm="DataPowerRealm" step="1" />
        <test isInternalUserID="true" realm="LdapAdapterRealm" step="2" />
    </customSecurityTest>

    <customSecurityTest name="DataPowerAuth">
        <test realm="DataPowerRealm" step="1" isInternalUserID="true" />
    </customSecurityTest>
</securityTests>

UPDATE: Below is the response from the server.

Remote Address:10.2.163.199:445
Request URL:http://10.2.163.199:445/worklight/apps/services/api/SmartServices/common/query
Request Method:POST
Status Code:403 Forbidden
Request Headers
Accept:text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding:gzip,deflate
Accept-Language:en-US
Connection:keep-alive
Content-Length:197
Content-type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:LtpaToken2=uu9ac1LdsZ6afuLZ5Bzb8Eh29wGRa8SZ67Mp8oX5k+3Q5Vy3YkNpb69XeHDjkYRQRLFu2HQ9YMMfvNtPCyD67CvsUejRju5M2WH77YxQhMwWGxVGL6etLiQJm/1zILpyqiXBT9ubpjlLC5M2ogvklFmkboHxrEVhS2WYTcuBVmlQMyHNvWPYQ85GC+F70V/7MMvoyVCslD4nvYQgnEQl/NdKAVtb4HjUylIkUpYzERW9mvQe7DXM6uez7U2TM9Z6wIykTWL+flmzp48QM7RsTUW71F3DJ9+odoqdOfKOvv0/0/TAcx7k5p50FpItnRLSXAkckSoRAVgEm2BRzWq6RJwAjJhLQkz88dtPzJhrP2U=; WL_PERSISTENT_COOKIE=3ea0b226-fe49-4675-ac80-8c6f2d370f26; forms.MobileGateway_HTMLFormLoginAAA.session=8DDBA0B2B0722B28C41750077EBDE8E1265752C4PHNlc3Npb24tY29va2llPjxjb29raWUtbmFtZT5mb3Jtcy5Nb2JpbGVHYXRld2F5X0hUTUxGb3JtTG9naW5BQUEuc2Vzc2lvbjwvY29va2llLW5hbWU+PGNyZWF0ZWQ+MjAxNC0xMS0yMFQxMjo0NTo1OFo8L2NyZWF0ZWQ+PHJlZnJlc2hlZD4yMDE0LTExLTIwVDEyOjQ1OjU4WjwvcmVmcmVzaGVkPjxtaWdyYXRpb24vPjxrZXk+QkZGMjlCNjMyQ0E0NUEwRDQ3NEMwRjcxQkIzMDM3RUFEM0JFNDU5RTwva2V5Pjwvc2Vzc2lvbi1jb29raWU+; JSESSIONID=00000cRvoMiUcoF0mcO_CJv4M11:-1; testcookie=oreo; LtpaToken=[token value removed]
Host:10.2.163.199:445
Origin:http://10.2.163.199:445
Referer:http://10.2.163.199:445/worklight/apps/services/preview/SmartServices/common/0/default/login.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36
WL-Instance-Id:hd5rku2a9ioc4f5m6oorc6frm0
X-Requested-With:XMLHttpRequest
x-wl-app-version:1.0
x-wl-platform-version:6.0.0
Form Data (URL encoded)
adapter:SecureDashBoardAdapter
procedure:autoLogin
parameters:["","",true]
__wl_deviceCtxVersion:-1
__wl_deviceCtxSession:78983441416487555728
isAjaxRequest:true
x:0.620181588223204
Response Headers
Cache-Control:no-cache, no-store, must-revalidate
Connection:Keep-Alive
Content-Language:en-US
Content-Type:application/json; charset=UTF-8
Date:Thu, 20 Nov 2014 12:51:53 GMT
Expires:Sat, 26 Jul 1997 05:00:00 GMT
P3P:policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Transfer-Encoding:chunked
X-Backside-Transport:FAIL FAIL
X-Client-IP:10.10.30.152
X-Powered-By:Servlet/3.0

Solution

  • I opened a PMR and we learned the reason for the issue. There is a conflict between a WL thread and a WebSphere thread which leads to this issue. One way to resolve it is to put an explicit security test on each procedure that is called once logged in. Otherwise, installing a newer version of WL will resolve the issue.
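As an added illustration of the workaround above (not part of the question or the answer), here is an adapter descriptor for the SecureDashBoardAdapter seen in the failing request, with the securityTest attribute set explicitly on the autoLogin procedure so it is protected by the DataPowerAuth custom security test defined in the question's authenticationConfig.xml. The connectivity section (backend host and port) is a placeholder and assumed, not taken from the page; only the adapter name, procedure name and security test name come from the page.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Hypothetical adapter descriptor; backend host and port are placeholders -->
<wl:adapter name="SecureDashBoardAdapter"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:wl="http://www.worklight.com/integration"
    xmlns:http="http://www.worklight.com/integration/http">

    <displayName>SecureDashBoardAdapter</displayName>
    <description>Dashboard adapter whose procedures run after LTPA login</description>

    <connectivity>
        <connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
            <protocol>http</protocol>
            <domain>backend.example.invalid</domain>   <!-- placeholder -->
            <port>8080</port>                          <!-- placeholder -->
        </connectionPolicy>
        <loadConstraints maxConcurrentConnectionsPerNode="2" />
    </connectivity>

    <!-- Before the workaround the procedure relied on the app-level security
         test only; the explicit securityTest below ties it to DataPowerAuth,
         the customSecurityTest declared in authenticationConfig.xml. -->
    <procedure name="autoLogin" securityTest="DataPowerAuth" />

    <!-- Any other procedure invoked once the user is logged in gets the same
         explicit test; a procedure without securityTest is the case the
         answer describes as triggering the wl_antiXSRFRealm failure. -->
    <procedure name="getDashboardData" securityTest="DataPowerAuth" />
</wl:adapter>
```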