IBM Worklight - How to enable App Authenticity in Worklight Console?

问题

I tried to follow the tutorial at this url, the tutorial is so straight forward but I just couldn't get the correct outcome.

below is my authenticationConfig.xml

<securityTests>
  <customSecurityTest name="custom-mobilesecurityTest">
    <test realm="wl_antiXSRFRealm" step="1"/>
    <test realm="wl_authenticityRealm" step="2"/>
    <test realm="HeaderAuthRealm" isInternalUserID="true" step="3"/>
  </customSecurityTest>
</securityTests>

But the App Authentication appeared in console is always "Access Disabled", I can't enable it. Did I missing anything here?

回答1:

It would be more helpful if you would mention what you've actually done, because configuring authenticationConfig.xml is only 1 step of several.

Also note that for App Authenticity to really work and not use dummy implementation, you must use the Consumer edition of IBM Worklight (i.e., be a paying customer and install the correct version of Worklight Studio and Worklight Server).

I believe that for your problem, you have not done step 2 below.

Steps to enable App Authenticity:

1. Configure a security test that has the wl_authenticityRealm realm:

   <customSecurityTest name="customTests">
        <test realm="wl_antiXSRFRealm" step="1"/>
        <test realm="wl_authenticityRealm" step="1"/>
        <test realm="wl_remoteDisableRealm" step="1"/>
        <test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
        <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
   </customSecurityTest>
   

   ^ This is mentioned in slide 9

2. Place this securityTest on the environment(s) in application-descriptor.xml, for example:

   <android version="1.0" securityTest="customTests">
   

3. For Android, generate the public signing key:

   <android version="1.0" securityTest="customTests">
           <worklightSettings include="true"/>
           <security>
               <encryptWebResources enabled="false"/>
               <testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
               <publicSigningKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBdfdsfdsfiQKBgQCPCbaCfAfnAqQ12/S5LLfA4cBz/3INyLRPhFGSVFztdWNzPhrna1xDc8/3V1sUIW2odfdfddfdfffdR2n3dAnNMVydfdfdfv68gmU5qVCN4LxSKKRAj7VVbhBxBIEt5MbY+c0o7NZ2Pgu/moJee8Wgu8veZ1TJntYn+cWCYuI/JSnA9nsskwhSdPHK32edsfsdfdfQIDAQAB</publicSigningKey>
           </security>
       </android>
   

   ^ This is mentioned in slides 10-13

4. For iOS, place the app bundleId:

   <iphone bundleId="com.worklight.test" version="1.0" securityTest="customTests">

   ^ This is mentioned in slides 10-13

5. Run As > Run on Worklight Development Server

Now the App Authenticity dropdown should be enabled for you in Worklight Console.

来源：https://stackoverflow.com/questions/21904497/ibm-worklight-how-to-enable-app-authenticity-in-worklight-console