0

I am using DataPower to proxy MobileFirst Applications and AppCenter running on a WAS Liberty Profile.

While we got great results with the Mobile Apps (Hybrid apps), we are facing some strange behaviour with the AppCenter: Basically, anytime that a /j_security_check URI arrives to DataPower, the connection fails.

What we are looking at is that we do not know how to make the Server understand that there is a proxy between it and the client (I mean, like configuring Access Mappings on IIS or SharePoint web portals).

I ran a Fiddler trace and found the following difference in the HTTP Headers

HTTP 'Cookie' Header with DataPower:

Cookie: oracle.uix=0^^GMT-3:00; WASReqURL=http://:9080/appcenterconsole/console.html

HTTP 'Cookie' Header without DataPower:

Cookie: LtpaToken2=pWORZGbPV7BvEsrPzu+fz2mOdBRIByWqee2AMNjw/8k8qJS7i6HMPSnBja46sB3dYwJIy0uEyZ3k0ftQloTGGQUt+Vqu0ZDYJ1a9CDAaLYEeMj/1ZCSMSrctfIqiq6/hoRc1ayX4GkY3gEWpDwwjAEdQKc99r6XJl5VsKKglNm4sQhkbsNFx29mVLF7bp21A3jd+GrxDfS6aEZHau6H5A5Gr5o1ZvyRBQ2aQNtLWw2DZh55GzHUj8q8muBZqPZ36ORN9RXSxemwMtzLqUedJ/K6Tps3WLtqLdCXV9YmQj6V4zCBtQvLjKHoRQ1PYCNzm

I am testing the LTPA token generation in DataPower, but, in the meantime, I would like to know if there is any documentation regarding this use case.

http://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.1.0/com.ibm.worklight.installconfig.doc/admin/t_integrating_datapower_was_or_iberty.html

bassco_dp
  • 27
  • 6

1 Answers1

4

The link you pointed to is documentation that describes an example of how to configure DataPower to do LTPA token generation and proxy authentication to the Worklight Server.

You don't give enough information to tell what is causing your problem on requests that go through DataPower vs. the ones that do not go through DataPower. Typically to debug these kinds of problems you need a debug trace from DataPower, a copy of the DataPower configuration and maybe a packet trace. These things often contain confidential information so if you have an IBM support contract, I would open a PMR with Worklight and submit those items so we can help you with that.

You don't say what your time line is, but there is likely to be a sample configuration and some updated documentation about how to integrate DataPower and Worklight with in the next few weeks.

John Graham
  • 96
  • 2
  • Hi John. From what I saw, the AppCenter automatically generates an LTPA Token against the Liberty Profile Server, is that right? That's why I thought that particular document would be useful. I have a debug trace from DataPower, but sadly there is no useful information, the rejection seems to come directly from the server, hence I shared the Fiddler traces. In fact, avoiding DataPower from performing any proccessing solves the issue, but leaves us with no added value. – bassco_dp Apr 20 '15 at 13:33
  • DataPower is designed to route and modify requests and responses. It could be doing anything to your request, including not letting it go through to the WL server. If you want to to debug it yourself, you need a debug log from the domain containing the DataPower service that you are going through (probably a Multiprotocol Gateway). With that debug log you should be able to see your request hit the DP service and then how it was processed. I personally like to also do a packet trace at DP so I can see the contents of the HTTP traffic between the client & DP as well as DP & the WL server. – John Graham Apr 20 '15 at 16:02
  • If you need help, share your DP debug log and DP configuration with me and i will give it a quick look when I have a chance. The packet trace would be helpful too. I would need to know the time stamp and URL that the request came to DP on so I don't have to poke through the whole log and guess what is related to the problem. – John Graham Apr 20 '15 at 16:07
  • Sure John!! Give me just a moment to upload everything and send you the links. – bassco_dp Apr 21 '15 at 13:50
  • John, I was never able to upload those files, but taking a closer look at them made me realise that I never turned off the follow redirects options. And that, in fact, was the problem. Thank you very much for all your help! – bassco_dp Apr 23 '15 at 19:16