We have implemented MobileFirst security with an LTPA token and DataPower. The MobileFirst version is 7.0.0.00.20150729-1801; DataPower is 7.1.0.4.
User authentication and user sessions run fine.
The problem comes with Direct Update: the update alert appears in the app, but after pressing the update button, another alert appears with an error message that the update has failed.
The error in the MobileFirst/Liberty log file is:
SESN0008E: a user authenticated as anonymous has attempted to access a session owned by ...
It seems that the LTPA token is lost. The Android app logcat is:
01-08 10:36:14.645: D/WL_DIRECT_UPDATE_MANAGER(17035): DirectUpdateManager.startUpdate.onDirectUpdateSuccess: {"totalSize":9833,"operation":"start"}
01-08 10:36:14.665: D/Dialog(17035): checkMirrorLinkEnabled returns : false
01-08 10:36:14.665: D/WL_DIRECT_UPDATE_CHALLENGE_HANDLER(17035): defaultListener.onStart: totalSize=9833
01-08 10:36:14.665: D/Dialog(17035): showing allowed
01-08 10:36:14.675: D/ProgressBar(17035): setProgressDrawable drawableHeight = 0
01-08 10:36:14.685: D/com.worklight.androidgap.directupdate.WLDirectUpdateDownloader(17035): WLDirectUpdateDownloader.downloadZipFile in WLDirectUpdateDownloader.java:144 :: Starting fresh download since app was changed on the server since last download attempt
01-08 10:36:14.735: W/PluginManager(17035): THREAD WARNING: exec() call to WLDirectUpdatePlugin.showProgressDialog blocked the main thread for 71ms. Plugin should use CordovaInterface.getThreadPool().
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: left = 0
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: top = 0
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: right = 405
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: bottom = 30
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: mProgressDrawable.setBounds()
01-08 10:36:14.885: D/com.worklight.androidgap.directupdate.WLDirectUpdateDownloader(17035): WLDirectUpdateDownloader.downloadZipFile in WLDirectUpdateDownloader.java:151 :: The server returned file different than expected application update zip file
01-08 10:36:14.905: D/com.worklight.androidgap.directupdate.WLDirectUpdateDownloader(17035): WLDirectUpdateDownloader.downloadZipFile in WLDirectUpdateDownloader.java:152 :: Response Data: Error 500: com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: a user authenticated as anonymous has attempted to access a session owned by:WASLTPARealm/uid=xxxxx,cn=xxxx,cn=xxxx,ou=xxxxx,ou=xxxx,o=xxxx,c=xx.
01-08 10:36:14.915: D/WL_DIRECT_UPDATE_MANAGER(17035): DirectUpdateManager.startUpdate.onDirectUpdateSuccess: {"status":"FAILURE_UNKNOWN","operation":"finish"}
01-08 10:36:14.925: D/WL_DIRECT_UPDATE_CHALLENGE_HANDLER(17035): defaultListener.onFinish: status=FAILURE_UNKNOWN
01-08 10:36:14.935: D/WL_DIRECT_UPDATE_CHALLENGE_HANDLER(17035): defaultListener.onFinish: hideProgressDialog
01-08 10:36:14.935: D/Dialog(17035): checkMirrorLinkEnabled returns : false
01-08 10:36:14.935: D/Dialog(17035): showing allowed
Obviously, when DataPower is excluded the problem disappears. How can I fix it?
I solved it by setting the httpSession attribute invalidateOnUnauthorizedSessionRequestException to true in the Liberty server.xml file.
Regards.