iOS - MobileFirst ChallengeHandler not returning from submitLoginForm call when using ISAM authentication

(Update added at end)

I have a native iOS MobileFirst (7.0) client written in Swift. The MobileFirst server is behind a firewall, and is accessed through a junction on IBM Security Access Manager for Web (ISAM). ISAM is being used for adapter authentication. I've tested the app without ISAM in the middle (no authentication), and it works fine.

A custom challenge handler is registered:

    let myCH = MyChallengeHandler(vc: self)
    WLClient.sharedInstance().registerChallengeHandler(myCH)

MyChallengeHandler sets the realm in its init() function:

    init(vc: LoginViewController) {
        self.vc = vc
        super.init(realm: "headerauthrealm")
    }

The app first connects to the server using wlConnectWithDelegate:

    WLClient.sharedInstance().wlConnectWithDelegate(ConnectListener(vc: self))

And once the connection is made, it should call an adapter method on the server to get user info (using invokeProcedure):

    let invocationData = WLProcedureInvocationData(adapterName: "login", procedureName: "lookuprole")
    invocationData.parameters = [userid]
    WLClient.sharedInstance().invokeProcedure(invocationData, withDelegate: LoginListener(vc: self))

However, it's not getting that far.

When ISAM is involved, protecting everything, including the connect URL, the challenge handler is first getting called when wlConnectWithDelegate() is attempted because ISAM returns the login page.

The challenge handler is detecting the login page and the handleChallenge() function is being called. The userid/password is collected from the user if necessary, and it calls a function that calls submitLoginForm(). Custom onConnect() and onFailure() functions are defined in the challenge handler as well:

    override func handleChallenge(response: WLResponse!) {
        handleChallengeISAM(response)
    }

    func handleChallengeISAM(response: WLResponse!) {
        // HPDIA0200W Authentication failed. You have used an invalid user name, password or client certificate.
        let failedLogin = response.responseText.rangeOfString("HPDIA0200W") != nil
        if vc.security.authDataSet && !failedLogin {
            println("=========== sending login data directly")
            submitISAMAuthData()
        } else {
            println("=========== login screen form should appear")
            if failedLogin {
                needCredentials("please check credentials.")
            } else {
                needCredentials(nil)
            }
        }
    }

    func submitISAMAuthData() {
        let loginPostUrl = "https://wstest.clearlake.ibm.com/pkmslogin.form"
        let params = ["username" : vc.security.userid,
                      "password" : vc.security.password,
                      "login-form-type" : "pwd"]
        println("=========== sending submitloginform request")
        self.submitLoginForm(loginPostUrl,
            requestParameters: params,
            requestHeaders: nil,
            requestTimeoutInMilliseconds: -1,
            requestMethod: nil)
        println("=========== submitloginform request sent")
    }

    override func onSuccess(response: WLResponse!) {
        println("=========== onsuccess")
        let isLoginResponse = isCustomResponse(response)
        if isLoginResponse {
            println("=========== re-challenged")
            handleChallenge(response)
        } else {
            println("=========== challenge success")
            submitSuccess(response)
        }
    }

    override func onFailure(response: WLFailResponse!) {
        println("=========== challenge failure")
        println("\(response.errorMsg)")
        submitFailure(response)
    }

The problem is that this is as far as it gets. The request never gets to the ISAM device, and the onSuccess() or onFailure() functions are never called. The iOS simulator log states that the request was made, but that's it. There is no indication that it did anything.

    =========== sending submitloginform request
    2015-04-09 15:00:12.866 thirdpartycompliance[54200:2903010] [debug] [wl_afhttpclientwrapper_package] +[wlafhttpclientwrapper requestwithurl:] in wlafhttpclientwrapper.m:46 :: request url https://wstest.clearlake.ibm.com/pkmslogin.form
    2015-04-09 15:00:12.871 thirdpartycompliance[54200:2903010] [debug] [wl_request] -[wlrequest sendrequest:path:withoptions:] in wlrequest.m:141 :: request timeout 10.000000
    2015-04-09 15:00:12.876 thirdpartycompliance[54200:2903010] [debug] [wl_request] -[wlrequest sendrequest:path:withoptions:] in wlrequest.m:220 :: sending request (https://wstest.clearlake.ibm.com/pkmslogin.form) headers: {
        "accept-language" = en;
        "user-agent" = "thirdpartycompliance/1 (ipad simulator; ios 8.2; scale/2.00)/wlnativeapi/7.0.0.0";
        "x-requested-with" = xmlhttprequest;
        "x-wl-app-version" = "1.0";
        "x-wl-device-id" = "c1cfd648-c648-439c-ac9f-8292fdac20e6";
        "x-wl-platform-version" = "7.0.0.0";
    }
    can see request body in analytics platform logs.
    =========== submitloginform request sent

The ISAM logs don't show the submitLoginForm request ever being sent despite what the iOS MobileFirst API logs say. Is something wrong with submitLoginForm() in v7.0?

Update:

It seems WLClient.sharedInstance().wlConnectWithDelegate() has to succeed before ChallengeHandler.submitLoginForm() will work. I verified this by using a proxy server in front of the ISAM device to send the adapter service requests through ISAM, and have the other MobileFirst server connections bypass ISAM. In this architecture, the submitLoginForm() function works fine, since wlConnectWithDelegate() is succeeding without a login.

This is a little confusing since the ChallengeHandler is called when using wlConnectWithDelegate(), but some of the ChallengeHandler's methods don't yet work until after wlConnectWithDelegate() finishes. I can't find it documented anywhere that it works this way.

When ISAM is protecting the resources between the mobile app and the MFP server, the initial call to wlConnectWithDelegate() will fail, as the call does not go to the MFP server. The initial connection URL/s have to be left unprotected (unauth in ISAM).

This link http://www-01.ibm.com/support/docview.wss?uid=swg24034222 contains the integration solution between ISAM and Worklight/MobileFirst 7.x. In the v3.6 integration solution, there is a guide for form-based login integration (isam_impf_loginform_int_guide.pdf). The URLs given below are the ones that need to be left unprotected, without which the initial connection/certificate-based connection/directupdate will be unsuccessful.

    /WebSEAL/<webseal-host-name>-<instance-name>/<context-root>/apps/services/api/<application_name>/<platform>/init
    /WebSEAL/<webseal-host-name>-<instance-name>/<context-root>/apps/services/api/<application_name>/<platform>/authenticate
    /WebSEAL/<webseal-host-name>-<instance-name>/<context-root>/directupdate/<application_name>/<platform>
    /WebSEAL/<webseal-host-name>-<instance-name>/<context-root>/authorization/v1/clients/instance

I hope this helps.
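
An added example, not part of the answer above or of IBM's integration guide: a shell helper that expands the four object paths from the answer for one application and prints the pdadmin commands to attach an unauthenticated-access ACL to exactly those objects. The function names, the ACL name, the `Trx` permission string and all sample values are assumptions; the path casing follows the list above.

```shell
#!/bin/sh
# Added example (constructed values). Hypothetical helpers, not IBM tooling.

# Accept only simple path components so nothing can alter the object name.
valid_component() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Args: WebSEAL host, instance, context root, application, platform
mfp_unauth_objects() {
    [ "$#" -eq 5 ] || { echo "expected 5 arguments" >&2; return 1; }
    for part in "$@"; do
        valid_component "$part" || { echo "invalid component: '$part'" >&2; return 1; }
    done
    base="/WebSEAL/$1-$2/$3"
    printf '%s\n' \
        "$base/apps/services/api/$4/$5/init" \
        "$base/apps/services/api/$4/$5/authenticate" \
        "$base/directupdate/$4/$5" \
        "$base/authorization/v1/clients/instance"
}

# Args: ACL name (assumed), then the five arguments above
mfp_unauth_acl_commands() {
    acl="$1"
    valid_component "$acl" || { echo "invalid ACL name" >&2; return 1; }
    shift
    objects=$(mfp_unauth_objects "$@") || return 1
    echo "acl create $acl"
    # Assumed permissions: T=traverse, r=read (GET), x=execute (POST).
    # The unauthenticated entry is masked by any-other, so both are set.
    echo "acl modify $acl set unauthenticated Trx"
    echo "acl modify $acl set any-other Trx"
    echo "$objects" | while IFS= read -r obj; do
        echo "acl attach $obj $acl"
    done
}

# Constructed sample: host webseal01, instance default, context root worklight
mfp_unauth_acl_commands mfp-unauth webseal01 default worklight MyApp ipad
```

Review the printed commands before running them in a pdadmin session; everything else under the junction keeps its existing ACL, so only these four endpoints become reachable without an ISAM login.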