Stack Overflow
Stack Overflow

Questions tagged [worklight-security]

IBM Worklight security framework makes available security principles and techniques to implement and configure a secure Worklight mobile apps, adapters, data and web resources.

To produce secure mobile applications, you must apply security principles and techniques to the implementation and configuration of your Worklight mobile applications, adapters, data, and web resources.

Worklight defines a framework that consists of:

  • Server-side security tests.
  • Authentication realms.
  • Log-in modules.
  • Authenticators.
  • Client-side challenge handlers.

For more information: Worklight mobile application security

180 questions
4
votes
2 answers

How to implement OAUTH 2.0 in IBM Worklight 6.0

In my app I have implemented Login module auth security by implementing security realms. But i am thinking of implementing a OAUTH2.0 authentication where user will be authenticated once I will get a token and re-validate than on app starts. So…
Steve
  • 385
  • 1
  • 16
3
votes
1 answer

Cannot access WebService configured on TLS1.2 from Worklight HTTP Adapter

I am trying to access the 3rd party SOAP service(securedSOAPService) from IBM Worklight 6.1 application server through HTTP Adapter. Following is the configuration of adapter.xml of HTTP Adapter,
sohel shaikh
  • 61
  • 9
3
votes
2 answers

Missing Secure attributes in cookies: WL_PERSISTENT_COOKIE and testcookie

In a security scan result, I received the following error: "Missing Secure Attribute in Encrypted Session (SSL) Cookie" for WL_PERSISTENT_COOKIE and testcookie. I don't know how to set the secure attribute for these cookies, from the websphere…
Irene Marquet
  • 163
  • 9
3
votes
2 answers

Worklight Authenticity

We are developing a hybrid application on Worklight, and we need to implement the app authenticity. We are using Worklight Enterprise edition 6.2.0.1 with IBM app centre. However, We are seeing the following error on the server log when we launch…
Sami
  • 572
  • 8
  • 22
3
votes
1 answer

What is the significance of the argument to WL.Client.createChallengeHandler?

I'm using Worklight 6.0 and Form based authentication. I thought that the argument for WL.Client.createChallengeHandler() was the realm that the challenge handler would address, but testing seems to indicate that there is no way to create a realm…
David Dhuyveter
  • 1,416
  • 9
  • 17
3
votes
1 answer

WL.Client.connect onSuccess callback does not get called

Given the following code, the onSuccess is not being called back on a successful connect. I've listed the code and log output for the sequence of events. Is the code set up wrong? connectOnStartup is set to false in the initOptions. This code is…
Sam Nunnally
  • 2,291
  • 2
  • 19
  • 30
2
votes
1 answer

API for Encryption(Client) and Decryption(Server/Adapter) in Worklight

Please let me know Is worklight is providing any API to encrypt data from client side and same data that can be decrypted from adapter(server) side? Something like SecurityUtils which going to works on both(server and client)sides.
RAJENDRA PRASAD S.J
  • 83
  • 7
2
votes
1 answer

Device Single sign on is not working when used with adapter authenticator which is wl_unprotected

I am testing device SSO using mobile security test and I have used Adapter authentication. I have created two apps in a same project and my authenicationConfig.xml looks something like this
Coder girl
  • 21
  • 2
2
votes
1 answer

How to enter user credentials when calling password protected URL from a worklight adapter?

I want to call a rest service via http adapter. I do a get request to the url of the rest service but it is in a password protected domain. (if i try to access the url from browser it pops up a window for username and password.) How can i pass these…
mike_x_
  • 1,900
  • 3
  • 35
  • 69
2
votes
1 answer

Worklight Online + Offline Authentication

I'm trying to achieve the following through Worklight. My app has two sets of features. One set of features can be accessed only when the app is connected to the server and the user is authenticated. Another set of features can be accessed offline…
Chandrahas
  • 93
  • 3
2
votes
1 answer

Can't retrieve user roles

I am trying to return a list of roles back to a mobile client device from the WL server In the createIdentity method of my LoginModule I added the following code HashMap customAttributes = new HashMap
Marvin
  • 55
  • 5
2
votes
4 answers

Is a signed SSL certificate required for Worklight development?

I'm working on a demo in Worklight version 6.0 where I need to use SSL from iOS and Android to the Worklight Server. Is there any way to use a self-signed or test certificate in the Worklight server? Or do I need to buy a certificate from one of…
David Dhuyveter
  • 1,416
  • 9
  • 17
2
votes
1 answer

IBM Worklight 6.0 - Adapter with basic auth doesn't update auth header if client logs out/in

I have a Worklight v6.0 application using adapter-based authentication. The adapter is an HTTP adapter that calls a backend REST service using Basic Auth. There is no session or cookies between the adapter and the backend service. In my Adapter…
David Dhuyveter
  • 1,416
  • 9
  • 17
2
votes
1 answer

IBM Worklight: Calling Push Notification Adapter from backend

I have implemented a Push Notification adpater and would like backend system to call the procedure in order to submit notification. With reference to this post,…
red23jordan
  • 2,841
  • 10
  • 41
  • 57
1
vote
1 answer

Is there have any API to reset the adapter successStateExpirationSec?

I defined a security check adapter and configured the property which is shown below.
cnz81
  • 694
  • 1
  • 6
  • 15
1
2 3
11 12