0

I'm working on the new Platform MFP8 and I want to implement an LTPA Authentication in an hybrid application. Searching in the web I found a Swift implementation of LTPA ChallengeHandler (https://github.com/mfpdev/ldap-and-ltpa-sample/tree/master/LTPABasedSample). But, if I try to replicate the same behaviour in a JS challengeHandler, it doesn't work. Below my challengeHandler implementation:

var UserLoginChallengeHandler = function() {
    var isChallenged = false;
    var securityCheckName = 'LTPA';
    var URL;
    var userLoginChallengeHandler = WL.Client.createSecurityCheckChallengeHandler(securityCheckName);

    document.getElementById("login").addEventListener("click", login);

    userLoginChallengeHandler.securityCheckName = securityCheckName;

    userLoginChallengeHandler.handleChallenge = function(challenge) {
        WL.Logger.debug("handleChallenge");
        showLoginDiv();
        isChallenged = true;
        URL = challenge.loginURL;
    };

    userLoginChallengeHandler.handleSuccess = function(data) {
        WL.Logger.debug("handleSuccess");
        isChallenged = false;
        showProtectedDiv();
    };

    userLoginChallengeHandler.handleFailure = function(error) {
        WL.Logger.debug("handleFailure: " + error.failure);
        isChallenged = false;
        if (error.failure !== null){
            alert(error.failure);
        } else {
            alert("Failed to login.");
        }
    };

    function login() {

        var basic = "Basic YWRtaW46YWRtaW4="; //base64 of admin:admin 
        $.ajax({
          type: "POST",
          url: URL,
          headers: {
            "Authorization": basic
          },
          success: function(data, status, xhr){
            console.log(data);
            userLoginChallengeHandler.submitChallengeAnswer({});
          },
          error: function(jqXhr, status, error){
            console.log(error);
          }
        });
    }

    return userLoginChallengeHandler;

};

When I submit the request for plain-war application, the principal in the authorize method of LTPASecurityCheck results null. Instead, if I execute the iOS example application, the principal is valued and the authentication occurs.

Have you any idea to resolve this strange behavior?

Thanks a lot, Stefano

Stefano
  • 39
  • 1
  • 8

1 Answers1

1

I think that the Swift sample is not sending POST request but GET. Have you tried to send it as GET?

Ishai
  • 169
  • 10
  • I've tried but nothing is changed. The principal is still null – Stefano Jan 17 '17 at 15:25
  • Could be that cookies not passed because of cross domain issue. Try to use WLResourceRequest if possible.. and not ajax. WLResourceRequest is invoke through native code so cookies will passed – Ishai Jan 17 '17 at 19:55
  • To inspect if cookies is passed along to the server you can use Charles web proxy or Wireshark – Ishai Jan 17 '17 at 20:08
  • Using WLResourceRequest it works like a charm! Thanks – Stefano Feb 09 '17 at 10:45