Modifying Worklight's Liberty profile config to use LDAP & 401s from Worklight Studio

StackOverflow https://stackoverflow.com//questions/25047479

Question

after some stumbling, I was able to get the server.xml configured to hit LDAP. which is good. However, now I'm no longer able to deploy from Worklight Studio.

using bad credentials in the jndi yields the expected error; so i have to assume the credentials configured in jndi are working.

[2014-07-30 16:05:34] Failed to deploy application 'application' to Worklight Server: HTTP 401 – Unauthorized`

and in worklight log:

    [ERROR   ] FWLST0003E: ========= Failed starting project /myproject [project myproject]
Error creating bean with name 'taskManager' defined in URL [wsjar:file:/C:/Users/user/luna-workspace-local/WorklightServerConfig/shared/resources/worklight-jee-library-6.2.0.jar!/conf/core.xml]: Cannot resolve reference to bean 'worklightAuthenticationService' while setting bean property 'authenticationService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'worklightAuthenticationService' defined in URL [wsjar:file:/C:/Users/user/luna-workspace-local/WorklightServerConfig/shared/resources/worklight-jee-library-6.2.0.jar!/conf/core.xml]: Cannot create inner bean 'com.worklight.core.auth.impl.LoginConfigurationServiceBean#16d60e0' of type [com.worklight.core.auth.impl.LoginConfigurationServiceBean] while setting bean property 'loginConfigurationService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.worklight.core.auth.impl.LoginConfigurationServiceBean#16d60e0' defined in URL [wsjar:file:/C:/Users/user/luna-workspace-local/WorklightServerConfig/shared/resources/worklight-jee-library-6.2.0.jar!/conf/core.xml]: Invocation of init method failed; nested exception is java.lang.RuntimeException: FWLSE0249E: conf/authenticationConfig.xml contains duplicated realm named: wl_directUpdateRealm [project myproject]

The relevant server.xml config changes 

<administrator-role>
  <user>user</user>
</administrator-role>  

<jndiEntry jndiName="ibm.worklight.admin.jmx.user" value="user"/>
<jndiEntry jndiName="ibm.worklight.admin.jmx.pwd" value="{xor}password"/>

<ldapRegistry baseDN="DC=group,DC=dev,DC=dce,DC=company,DC=com" bindDN="user@dev" bindPassword="{xor}password" host="group.dev.dce.company.com" id="ldap" ignoreCase="true" ldapType="Microsoft Active Directory" port="389" realm="group.dev.dce.company.com:389"><activedFilters groupFilter="(&amp;(cn=%v)(objectcategory=group))" groupIdMap="*:cn" groupMemberIdMap="memberOf:member" userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))" userIdMap="user:sAMAccountName"/></ldapRegistry>   

<!-- Declare the IBM Worklight Admin Services application. -->
      <application context-root="worklightadmin" id="worklight-management-service" location="worklight-management-service.war" name="WorklightServices" type="war">
        <application-bnd>
          <security-role name="worklightadmin">
            <user name="user"/>
          </security-role>
          <security-role name="worklightdeployer">
      <user name="user"/>
          </security-role>
          <security-role name="worklightmonitor">
      <user name="user"/>
          </security-role>
          <security-role name="worklightoperator">
      <user name="user"/>
          </security-role>
        </application-bnd>
        <classloader delegation="parentLast">
          <privateLibrary>
            <fileset dir="${wlp.install.dir}/lib" includes="com.ibm.ws.crypto.passwordutil*.jar"/>
          </privateLibrary>
        </classloader>
      </application>
      <application context-root="worklightconsole" id="worklight-management-ui" location="worklight-management-ui.war" name="WorklightConsole" type="war">
    <application-bnd>
      <security-role name="worklightadmin">
  <user name="user"/>
      </security-role>
      <security-role name="worklightdeployer">
  <user name="user"/>
      </security-role>
      <security-role name="worklightmonitor">
  <user name="user"/>
      </security-role>
      <security-role name="worklightoperator">
  <user name="user"/>
      </security-role>
    </application-bnd>
  </application>
Was it helpful?

Solution

The problem was with this line 

<jndiEntry jndiName="ibm.worklight.admin.jmx.pwd" value="{xor}password"/>

the password here shouldn't have been {xor}'d but rather plaintext

<jndiEntry jndiName="ibm.worklight.admin.jmx.pwd" value="password"/>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top