Mobile First 7.1 FWLSE0376E:JWS签名的ClientId签名与客户端ID不匹配

时间:2019-01-28 06:49:24

标签: java ios ibm-mobilefirst mobilefirst-adapters mobilefirst-server

出现间歇性问题,当 iOS Native 应用程序与 MobileFirst 7.1.0.00.20180425-1124

之间进行握手时

发现

  1. 发现“范围”查询参数作为空字符串发送到服务器。

在这里,我尝试基于自定义authrealm进行WWW身份验证。

实际网址 

    http://localhost:8080/BA/authorization/v1/authorization?client_id=rr4a6042193a89c44a8d2415874ef6d279123456
 &isAjaxRequest=true&redirect_uri=http%3A%2F%2Fmfpredirecturi&response_type=code&scope=

期望的网址 

    http://localhost:8080/BA/authorization/v1/authorization?client_id=rr4a6042193a89c44a8d2415874ef6d279123456
&isAjaxRequest=true&redirect_uri=http%3A%2F%2Fmfpredirecturi&response_type=code&scope=UserAuthRealm
  1. 根据 worklight-jee-library.jar - com.worklight.authorization.endpoint.token。 TokenEndpoint

公钥不匹配

if (!Bytes.areEqual(clientPublicKey, jwsParts.getPublicKey().getEncoded())){
   logger.debug(method, "JWS signature does not match the client ID");
   return false;
 } 

 return true;
  1. 到目前为止,此问题发生在 iOS 12 设备中。不在其他版本的操作系统中

然后请找到使用的配置。

application-descriptor.xml 

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <nativeIOSApp xmlns="http://www.worklight.com/native-ios-descriptor" applicationId="**App" bundleId="com.xxx.mobile" id="**App" platformVersion="7.1.0.00.20160528-1648" securityTest="CustomAppAuthenticityAutoProvTest" version="7.2">

    <displayName>iOS</displayName>
    <description>iOS Mobile App</description>

    <accessTokenExpiration>1800</accessTokenExpiration>
    <userIdentityRealms>UserAuthRealm</userIdentityRealms>
    <pushSender password="*********"/>
    <licenseAppType>APPLICATION</licenseAppType>
    <targetCategory>B2C</targetCategory>
</nativeIOSApp>

conf / authenticationConfig.xml 

<realm name="UserAuthRealm" loginModule="CustomAuthLoginModule">
   <className>com.ibm.mfp.CustomUserAuthenticator</className>
</realm>

worklight.properties 

mfp.session.independent=true
mfp.attrStore.type=database

设备详细信息 

 {
    "x-wl-clientlog-env":"iOSnative",
    "x-wl-clientlog-appversion":"7.0","
    "x-wl-clientlog-model":"iPhone8,2",
    "x-wl-clientlog-osversion":"12.0",
    "x-wl-clientlog-appname":"iOSWLApp"
  }

回复 

{
   "error_description":"Client authentication failed",
   "error":"invalid_client"
}

Message.log

00002171 com.worklight.core.auth.impl.AuthorizationFilterUtils
E FWLSE0376E:JWS签名的ClientId签名与客户端ID不匹配

0000285b com.worklight.oauth.validation.Validator
我OAuthTAI身份验证失败,状态为401,WWW身份验证:Bearer realm =“ imfAuthentication”, scope =“”

Trace.log

[1/27/19 19:08:25:434 GST] 0000285b id = com.worklight.oauth.validation.Validator>确认进入

[1/27/19 19:08:25:434 GST] 0000285b id = com.worklight.oauth.validation.Validator 1验证missing_authorization

[1/27/19 19:08:25:434 GST] 0000285b id = com.worklight.oauth.validation.Validator I processErrorCode OAuthTAI身份验证失败,状态= 401,WWW身份验证:承载域= “ imfAuthentication”,范围=“”

[1/27/19 19:08:25:434 GST] 0000285b id = com.worklight.adapters.rest.WLShouldCompressPredicat 1 shouldCompress Request:http://localhost:8080/MA/adapters/AccessAdapter/getDetails disableCompressionAttr = null [1/27/19 19:08:25:434 GST] 0000285b id = com.worklight.adapters.rest.WLShouldCompressPredicat 1 shouldCompress请求:http://localhost:8080/MA/adapters/AccessAdapter/getDetails acceptGZipEncoding = true

[1/27/19 19:08:25:435 GST] 0000285b id = com.worklight.common.util.BaseProjectLocal 1未设置未设置ProjectLocal

[1/27/19 19:08:25:435 GST] 0000285b id = com.worklight.common.util.BaseProjectLocal 3未设置 java.lang.Throwable         在com.worklight.common.util.BaseProjectLocal.unset(BaseProjectLocal.java:114)         在com.worklight.core.auth.impl.MFPRequestListener.requestDestroyed(MFPRequestListener.java:24)         在com.ibm.ws.webcontainer.webapp.WebApp.notifyServletRequestDestroyed(WebApp.java:2747)

0 个答案:

没有答案
相关问题
最新问题