
worklight client connect() to call ChallengeHandler


My understanding is the authentication mechanism provided by Worklight is on-demand based - when you access some protected resources, the client-side ChallengeHandler would be invoked.

However, we are encountering a very weird situation - the Challenge Handler would be invoked as long as the client side invokes the WLClient::connect method. We have not even started to invoke an adapter method.

authentication-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- Licensed Materials - Property of IBM 5725-I43 (C) Copyright IBM Corp. 
        2006, 2013. All Rights Reserved. US Government Users Restricted Rights - 
        Use, duplication or disclosure restricted by GSA ADP Schedule Contract with 
        IBM Corp. -->

    <securityTests>

        <mobileSecurityTest name="UserAuthSecurityTest">
            <testUser realm="UserAuthRealm" />
        </mobileSecurityTest>

        <mobileSecurityTest name="PushNotificationSecurityTest">
            <testUser realm="UserAuthRealm" />
            <testDeviceId provisioningType="none" />
        </mobileSecurityTest>

    </securityTests>

    <realms>

        <realm loginModule="AuthLoginModule" name="UserAuthRealm">
            <className>com.worklight.integration.auth.AdapterAuthenticator</className>
            <parameter name="login-function" value="UserAuthAdapter.onAuthRequired" />
            <parameter name="logout-function" value="UserAuthAdapter.onLogout" />
        </realm>

    </realms>

    <loginModules>

        <loginModule name="AuthLoginModule">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule>

    </loginModules>

</tns:loginConfiguration>

application-descriptor.xml

<android securityTest="PushNotificationSecurityTest" version="3.0.1">
    <worklightSettings include="false"/>
    <pushSender key="..." senderId="..."/>
    <security>
        <encryptWebResources enabled="false"/>
        <testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
        <publicSigningKey>........</publicSigningKey>
    </security>
</android>

Solution

  • Did you set a securityTest on an environment in application-descriptor.xml? If you have, this will explain it.

    A security test declared on the environment in application-descriptor.xml will trigger an authentication on application startup.
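The check the answer describes can be automated. The following is an added example, not code from the original post or from IBM: it cross-references the two files and reports which environments carry a securityTest and which user realms that test will demand at startup. The `<application>` wrapper, the `<iphone>` element and all function names are assumptions, and only the mobileSecurityTest/testUser form shown in the question is resolved.

```python
import xml.etree.ElementTree as ET

# Constructed samples trimmed from the two files quoted in the question.
AUTH_CONFIG = """<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config">
  <securityTests>
    <mobileSecurityTest name="UserAuthSecurityTest">
      <testUser realm="UserAuthRealm" />
    </mobileSecurityTest>
    <mobileSecurityTest name="PushNotificationSecurityTest">
      <testUser realm="UserAuthRealm" />
      <testDeviceId provisioningType="none" />
    </mobileSecurityTest>
  </securityTests>
</tns:loginConfiguration>"""

# The <application> wrapper and the <iphone> element are assumptions added for the example.
APP_DESCRIPTOR = """<application id="demo">
  <iphone version="1.0" />
  <android securityTest="PushNotificationSecurityTest" version="3.0.1" />
</application>"""

def local(tag):
    """Strip an XML namespace, e.g. '{ns}realm' -> 'realm'."""
    return tag.rsplit("}", 1)[-1]

def user_realms_by_test(auth_xml):
    """Map each security test name to the user realms its <testUser> elements reference."""
    realms = {}
    for el in ET.fromstring(auth_xml).iter():
        if local(el.tag).endswith("SecurityTest") and el.get("name"):
            realms[el.get("name")] = [c.get("realm") for c in el if local(c.tag) == "testUser"]
    return realms

def startup_challenges(descriptor_xml, auth_xml):
    """Return {environment: [realms]} for environments that carry a securityTest attribute."""
    tests = user_realms_by_test(auth_xml)
    found = {}
    for env in ET.fromstring(descriptor_xml):
        name = env.get("securityTest")
        if name is None:
            continue  # no environment-level test: authentication stays on-demand
        if name not in tests:
            raise ValueError(f"{local(env.tag)}: unknown securityTest {name!r}")
        found[local(env.tag)] = tests[name]
    return found

if __name__ == "__main__":
    for env, realms in startup_challenges(APP_DESCRIPTOR, AUTH_CONFIG).items():
        print(f"{env}: authentication at startup for realm(s) {realms}")
```

An environment that appears in the result with a non-empty realm list is one where the ChallengeHandler for that realm should be expected as soon as the client connects.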