
Error Integrating Mobilefirst with DataPower


I am following this tutorial https://mobilefirstplatform.ibmcloud.com/blog/2016/02/20/datapower-integration/

I have mobilefirst Studio 7.1.0.00-20160528-1648 and datapower 7.1.0.4

I installed the pattern in DataPower and it works, but when I run the app and send the credentials, I get the login form again.

I can see the next error in the messages.log

[6/13/16 8:45:14:228 CST] 000000f6 com.ibm.ws.security.token.internal.TokenManagerImpl I CWWKS4001E: The security token cannot be validated. This can be for the following reasons 1. The security token was generated on another server using different keys. 2. The token configuration or the security keys of the token service which created the token has been changed. 3. The token service which created the token is no longer available.

I enabled the trace com.ibm.ws.security

I see the error

[6/13/16 8:44:08:801 CST] 00000101 id=46978bb4 com.ibm.ws.security.token.ltpa.internal.LTPAToken2 1 Caught BadPaddingException while decrypting token, this is only a critical problem if decryption should have worked. javax.crypto.BadPaddingException: Given final block not properly padded

I ran the apps on iOS and Android and I get the error in both environments

In android also I get this error:

06-13 14:44:50.928 2715-3738/com.HybridDataPower W/ResponseProcessCookies: Cookie rejected: "BasicClientCookie[version=0,name=forms.mypattern_MFPIntegration_Web_HTTPS_FormLTPA.FormsTarget,domain=192.168.233.139,path=/j_security_check,expiry=null]". Illegal path attribute "/j_security_check". Path of origin: "/DataPower/apps/services/api/HybridDataPower/android/query"
06-13 14:44:50.930 2715-2734/com.HybridDataPower W/org.apache.http.client.protocol.ResponseProcessCookies: Jdk14Logger.log in Jdk14Logger.java:103 :: Cookie rejected: "BasicClientCookie[version=0,name=forms.mypattern_MFPIntegration_Web_HTTPS_FormLTPA.FormsTarget,domain=192.168.233.139,path=/j_security_check,expiry=null]". Illegal path attribute "/j_security_check". Path of origin: "/DataPower/apps/services/api/HybridDataPower/android/query"

I am using the default password on the ltpa.keys, WebAS

I am using an HTTP Handler Service in DataPower

I don't know if I need more configuration in DataPower or MobileFirst


Solution

  • "The security token was generated on another server using different keys". This strongly points to a mismatch issue with the LTPA key. Make sure (double-check) that you use the same LTPA key for both Liberty and DataPower.

    Login to your DataPower domain. In the search box, search for "AAA Policy".

    • In "FormLTPA_Form2LTPA" → "Postprocessing". Re-upload your LTPA key file and re-enter the password. Apply and save.
    • In "FormLTPA_Verify" → "Authentication". Re-upload your LTPA key file and re-enter the password. Apply and save.

    Of course make sure that your client application points to your DataPower IP and port, and not directly to the MFP server.

    A lot of steps could go wrong, so re-read the blog post to make sure you did not miss any. For example I often forget to edit my server.xml to match the user/password for my test.
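
A way to confirm the key mismatch the answer describes before re-uploading anything, as an added example (not part of the original answer or the IBM tutorial): it compares the key properties of the ltpa.keys file Liberty uses with the copy uploaded to DataPower and reports only truncated hashes. The sample file contents are constructed placeholders, and the script does not check the key password, which the answer says to re-enter separately.

```python
import hashlib
import re

# Key-material properties of an ltpa.keys file (Java properties format).
KEY_FIELDS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

# Constructed sample contents; the values are placeholders, not real keys.
LIBERTY_SAMPLE = r"""
#Constructed sample: file taken from the Liberty server
com.ibm.websphere.ltpa.3DESKey=U0FNUExFLUtFWS1B\=\=
com.ibm.websphere.ltpa.PrivateKey=U0FNUExFLVBSSVY\=
com.ibm.websphere.ltpa.PublicKey=U0FNUExFLVBVQg\=\=
"""
DATAPOWER_SAMPLE = r"""
#Constructed sample: file uploaded to the DataPower AAA policy
com.ibm.websphere.ltpa.3DESKey=U0FNUExFLUtFWS1C\=\=
com.ibm.websphere.ltpa.PrivateKey=U0FNUExFLVBSSVY=
com.ibm.websphere.ltpa.PublicKey=U0FNUExFLVBVQg\=\=
"""

def parse_ltpa_keys(text):
    """Parse ltpa.keys text (one key=value per line) into a dict."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            # Properties files may escape '=' in values as '\='; undo that.
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def fingerprint(value):
    """Truncated SHA-256, so key material itself is never printed or logged."""
    return hashlib.sha256(value.encode()).hexdigest()[:12] if value else None

def compare_ltpa_keys(liberty_text, datapower_text):
    """Return {field: (matches, liberty_fp, datapower_fp)} for each key field."""
    a, b = parse_ltpa_keys(liberty_text), parse_ltpa_keys(datapower_text)
    report = {}
    for field in KEY_FIELDS:
        va, vb = a.get(field), b.get(field)
        report[field] = (va is not None and va == vb, fingerprint(va), fingerprint(vb))
    return report

if __name__ == "__main__":
    for name, (same, fp_a, fp_b) in compare_ltpa_keys(LIBERTY_SAMPLE, DATAPOWER_SAMPLE).items():
        print(f"{'OK      ' if same else 'MISMATCH'} {name} liberty={fp_a} datapower={fp_b}")
```

To use it on real files, read both ltpa.keys files as text and pass their contents to `compare_ltpa_keys`; any `MISMATCH` line means the two sides are not working from the same key file.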