0

I'm facing a problem related to the users' session. I'm using Adapter Based Authentication which I user to authenticate the user to have secret data from the web service.

For example when the user1 login, he gets his own data. Now when the user2 login , he gets his own data. But the user1 , also , get the user2's data. So all the users are getting the data of last login user.

I tried to put this connectAs="endUser" but I'm still facing the same problem. Any idea to solve this problem.

Practically I have the opposite behaviour of this question: IBM Worklight 6.0 - Adapter with basic auth doesn't update auth header if client logs out/in

this is the authenticationConfig.xml :

<securityTests>
    <customSecurityTest name="AdapterSecurityTest">
        <test isInternalUserID="true" realm="AdapterAuthRealm" />
    </customSecurityTest>

    <mobileSecurityTest name="PushSecurityTest">
        <testUser realm="AdapterAuthRealm"/>
        <testDeviceId provisioningType="none"/>
    </mobileSecurityTest>

</securityTests>


<realms>
    <realm name="AdapterAuthRealm" loginModule="AdapterLoginModule">
        <className>com.worklight.integration.auth.AdapterAuthenticator</className>
        <parameter name="login-function" value="MyAdapter.onAuthRequired" />
        <parameter name="logout-function" value="MyAdapter.onLogout" />
    </realm>
</realms>

<loginModules>
    <loginModule name="AdapterLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>
</loginModules>
Community
  • 1
  • 1
ghost rider3
  • 448
  • 1
  • 5
  • 17
  • 1
    what is the version of worklight that you are using? can you provide your adapter descriptor and implementation? Is each user on their own device, or are you using the same device/browser for both users? – David Dhuyveter Dec 08 '13 at 19:35
  • I'm using Worklight 6.0.0.201307011446 , this is the adapter description : ` http myserver.com 9080 ` – ghost rider3 Dec 09 '13 at 15:42

1 Answers1

1

connectas enduser should be set on getsecretdata, not on authenticate.

David Dhuyveter
  • 1,416
  • 9
  • 17
  • I tried but I got the same problem, I did some research And I found I probably I need to change the Authentication Adapter with LTPA Authentication in the case of using WebSphere as deployment server! Is it right ? – ghost rider3 Dec 10 '13 at 06:52
  • If you are using WebSphere as the deployment server, LTPA based authentication is available, but it is not required. How are you authenticating in the adapter? If a standard authenticator (such as the WebSphereFormBasedAuthenticator) will do the trick, then you are probably better off using it than doing your own authentication in an adapter. But just because you are running on WebSphere doesn't mean that you need to use LTPA. Can you add your authenticationConfig.xml to the original question? What do you do in the authenticate procedure? – David Dhuyveter Dec 10 '13 at 14:46
  • The name of your login and logout functions in authenticationConfig.xml don't match your procedure names in your adapter descriptor. – David Dhuyveter Dec 11 '13 at 14:37