Here is the setup for LTPA-token-based authentication between ISAM and MobileFirst 6.3: the ISAM appliance is hosting the login page and generating the LTPA token using the ltpa.keys from the MobileFirst 6.3 server. ISAM also connects to LDAP to authenticate the user, and eventually forwards a request with the generated ltpaToken2 cookie down to the MobileFirst 6.3 server. I have configured the following authenticationConfig.xml:
<securityTests>
  ...
  <customSecurityTest name="ISAMforWorklight-web-securityTest">
    <test realm="wl_antiXSRFRealm" />
    <test realm="WASLTPARealm" isInternalUserID="true" />
    <test realm="HeaderAuthRealm"/>
  </customSecurityTest>
</securityTests>
<realms>
  ...
  <realm loginModule="WASLTPAModule" name="WASLTPARealm">
    <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
    <parameter name="login-page" value="/login.html"/>
    <parameter name="error-page" value="/loginError.html"/>
  </realm>
</realms>
<loginModules>
  ...
  <loginModule name="WASLTPAModule">
    <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
  </loginModule>
</loginModules>
Server.xml contains:
<ltpa keysFileName="<app>/resources/security/ltpa.keys" keysPassword="whatever" expiration="120"/>
It is throwing the following exception. Per my understanding, the default login handler should work seamlessly in MobileFirst when ltpaToken2 is being provided in a request. Not sure what it is that I am missing here.
==> trace.log <==
[7/22/15 20:28:03:229 UTC] 000000eb id= com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator I processRequest FWLSE0055I: Not recognized. [project worklight]
[7/22/15 20:28:03:230 UTC] 000000eb id= com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator 1 processRequest Processing request not recognized [project worklight]
[7/22/15 20:28:03:230 UTC] 000000eb id= com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator < processRequest RETURN
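Added example, not part of the original post and not MobileFirst code: a small Python check that an authenticationConfig.xml like the one above is well-formed and that every realm and login module it references is defined. The `<config>` wrapper, the function name `lint_auth_config` and the treatment of `wl_`-prefixed realms as platform-supplied are assumptions; the sample drops the post's `...` elisions, so `HeaderAuthRealm` is reported only because its definition is not shown.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the excerpt in the post. The <config> root is a
# hypothetical wrapper and the "..." elisions are dropped.
SAMPLE = """<config>
  <securityTests>
    <customSecurityTest name="ISAMforWorklight-web-securityTest">
      <test realm="wl_antiXSRFRealm" />
      <test realm="WASLTPARealm" isInternalUserID="true" />
      <test realm="HeaderAuthRealm"/>
    </customSecurityTest>
  </securityTests>
  <realms>
    <realm loginModule="WASLTPAModule" name="WASLTPARealm">
      <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
    </realm>
  </realms>
  <loginModules>
    <loginModule name="WASLTPAModule">
      <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
    </loginModule>
  </loginModules>
</config>"""

def lint_auth_config(xml_text, builtin_prefix="wl_"):
    """Return a list of findings; an empty list means every reference resolves."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a mismatched closing tag
        return [f"not well-formed XML: {exc}"]
    realms = {r.get("name"): r.get("loginModule") for r in root.iter("realm")}
    modules = {m.get("name") for m in root.iter("loginModule")}
    findings = []
    for st in root.iter("customSecurityTest"):
        for t in st.iter("test"):
            realm = t.get("realm", "")
            # Assumption: realms prefixed "wl_" are supplied by the platform.
            if realm not in realms and not realm.startswith(builtin_prefix):
                findings.append(f"{st.get('name')}: realm '{realm}' is not defined")
    for name, module in realms.items():
        if module not in modules:
            findings.append(f"realm '{name}': loginModule '{module}' is not defined")
    return findings

if __name__ == "__main__":
    for finding in lint_auth_config(SAMPLE):
        print(finding)
```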