Configuring the MobileFirst LTPA realm

The IBM MobileFirst™ Platform Server contains the authenticator and login module that are designed to handle authentication by using LTPA through form-based authentication.

About this task

You must update the authenticationConfig.xml file to configure your server to use the MobileFirst LTPA realm.

Procedure

  1. Add the login module definition to the <loginModules> element in your server’s authenticationConfig.xml file. The following example uses a login module that is called WASLTPAModule:
    <loginModules>
    ...
      <loginModule name="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
      </loginModule>
    ...
    </loginModules>
  2. Add the realm definition to the <realms> element in your server’s authenticationConfig.xml file. The following example uses a realm that is called WASLTPARealm:
    <realms>
    ...
      <realm name="WASLTPARealm" loginModule="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
        <parameter name="login-page" value="/login.html" />
        <parameter name="error-page" value="/loginError.html" />
      </realm>
    ...
    </realms>
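  3. Add a user test to an existing security test in the authenticationConfig.xml file. The following example adds a user test for WASLTPARealm to a custom security test that is called LTPASecurityTest: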
    <customSecurityTest name="LTPASecurityTest">
      <test realm="wl_authenticityRealm" />
      <test realm="WASLTPARealm" isInternalUserID="true" />
      <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" />
    </customSecurityTest>
  4. Create a login page and a login error page. The WASLTPARealm must know which HTML file to present to the client when the client must authenticate. This HTML file must be named login.html. When the client enters invalid credentials, the WASLTPARealm presents an error HTML file. This HTML file must be named loginError.html. These HTML files must be added to the root directory in the MobileFirst Server WAR file. The following example shows a sample login.html file:
    <html>
      <head>
        <title>Login</title>
      </head>
      <body>
        <form method="post" action="j_security_check">
          <input type="text"
                 id="j_username"
                 name="j_username"
                 placeholder="User name" />
          <input type="password"
                 id="j_password"
                 name="j_password"
                 placeholder="Password" />
          <input type="submit" id="login" name="login" value="Log In" />
        </form>
      </body>
    </html>
    The following example shows a sample loginError.html file:
    <html>
      <head>
        <title>Login Error</title>
      </head>
      <body>
        An error occurred while trying to log in.
      </body>
    </html>