
Configure the MobileFirst LTPA realm

The IBM MobileFirst Platform Server contains the authenticator and login module that are designed to handle authentication using LTPA through form-based authentication.

We must update authenticationConfig.xml to configure the server to use the MobileFirst LTPA realm.

  1. Add the login module definition to the <loginModules> element in the server's authenticationConfig.xml file. The following example uses a login module called WASLTPAModule:
    <loginModules>
    ...
      <loginModule name="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
      </loginModule>
    ...
    </loginModules>

  2. Add the realm definition to the <realms> element in the server's authenticationConfig.xml file. The following example uses a realm called WASLTPARealm:
    <realms>
    ...
      <realm name="WASLTPARealm" loginModule="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
        <parameter name="login-page" value="/login.html" />
        <parameter name="error-page" value="/loginError.html" />
      </realm>
    ...
    </realms>

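  3. Add a user test that references the realm to an existing security test in authenticationConfig.xml. The following example uses a custom security test called LTPASecurityTest: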
    <customSecurityTest name="LTPASecurityTest">
      <test realm="wl_authenticityRealm" />
      <test realm="WASLTPARealm" isInternalUserID="true" />
      <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" />
    </customSecurityTest>

  4. Create a login page and a login error page. The WASLTPARealm must know which HTML file to present to the client when the client must authenticate. This HTML file must be named login.html. When the client enters invalid credentials, the WASLTPARealm presents an error HTML file. This HTML file must be named loginError.html. These HTML files must be added to the root directory in the MobileFirst Server WAR file. The following example shows a sample login.html file:
    <html>
      <head>
        <title>Login</title>
      </head>
      <body>
        <form method="post" action="j_security_check">
          <input type="text"
                 id="j_username"
                 name="j_username"
                 placeholder="User name" />
          <input type="password"
                 id="j_password"
                 name="j_password"
                 placeholder="Password" />
          <input type="submit" id="login" name="login" value="Log In" />
        </form>
      </body>
    </html>
    The following example shows a sample loginError.html file:
    <html>
      <head>
        <title>Login Error</title>
      </head>
      <body>
        An error occurred while trying to log in.
      </body>
    </html>
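
A misspelled realm or login module name in authenticationConfig.xml is easy to miss, so the following added example (not part of the IBM documentation) cross-checks the references made in steps 1 to 3 and the page parameters that step 4 depends on. The function name check_config, the sample's root element and <securityTests> wrapper, and the rule that realm names starting with wl_ are built in are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample assembled from the fragments in steps 1-3. The root
# element and the <securityTests> wrapper are assumptions, not from the page.
SAMPLE = """<loginConfiguration>
  <securityTests>
    <customSecurityTest name="LTPASecurityTest">
      <test realm="wl_authenticityRealm" />
      <test realm="WASLTPARealm" isInternalUserID="true" />
      <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" />
    </customSecurityTest>
  </securityTests>
  <realms>
    <realm name="WASLTPARealm" loginModule="WASLTPAModule">
      <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
      <parameter name="login-page" value="/login.html" />
      <parameter name="error-page" value="/loginError.html" />
    </realm>
  </realms>
  <loginModules>
    <loginModule name="WASLTPAModule">
      <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
    </loginModule>
  </loginModules>
</loginConfiguration>"""

FORM_AUTH = "com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator"

def check_config(xml_text):
    """Return a list of problems found in an authenticationConfig.xml document."""
    root = ET.fromstring(xml_text)
    modules = {m.get("name") for m in root.iter("loginModule")}
    realms = {r.get("name"): r for r in root.iter("realm")}
    problems = []
    for name, realm in realms.items():
        if realm.get("loginModule") not in modules:
            problems.append(f"realm {name}: login module {realm.get('loginModule')} is not defined")
        if realm.findtext("className", "").strip() == FORM_AUTH:
            params = {p.get("name"): p.get("value") for p in realm.findall("parameter")}
            for required in ("login-page", "error-page"):
                if not params.get(required):
                    problems.append(f"realm {name}: missing parameter {required}")
    for sec_test in root.iter("customSecurityTest"):
        for t in sec_test.findall("test"):
            ref = t.get("realm", "")
            # Assumption: realms prefixed wl_ are built in and need no <realm> entry.
            if ref not in realms and not ref.startswith("wl_"):
                problems.append(f"{sec_test.get('name')}: realm {ref} is not defined")
    return problems
```

Pass the text of authenticationConfig.xml to check_config(); an empty list means every realm and login module reference resolves.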

