api-layer
Personal Access Tokens do not work with scheme: zoweJwt
Describe the bug
Personal Access Tokens do not work with scheme: zoweJwt
Steps to Reproduce
- Obtain a personal access token (PAT)
- Verify that the PAT works when accessing a z/OSMF REST API
- Verify that the PAT works with a service configured to use scheme: httpBasicPassTicket
- Verify that the PAT is not accepted by a service configured to use scheme: zoweJwt
Expected behavior
PAT should work for services using zoweJwt as well as x509 and safidt schemes.
Details
- Version and build number: Version 2.14.4 build # 161
REST API client (in case of REST API issue):
- Technology: curl
- OS: Windows 10
Willingness to help
Willing
https://github.com/zowe/api-layer/wiki/Issue-management
Just a note: it can't work with the x509 scheme, but the zoweJwt is necessary to validate.
Is this because a service configured with scheme x509 must be forwarded the certificate info from a client certificate?
Yes.
So similarly, if you use the auth/login and get a JWT, you cannot use that to access services which have scheme x509?
It's similar, but for x509 it's a known and accepted limitation and we don't allow this schema within conformance.
For Personal Access Tokens this behavior is a bug.
Thanks - I didn't realize this, but see it clearly outlined in the conformance program and here:
authentication.scheme The value of this parameter specifies a service authentication scheme. The following schemes that participate in single sign on are supported by the API Gateway: zoweJwt, safIdt, httpBasicPassTicket. Two additional schemes that do not properly participate but may be relevant are bypass, and x509.