zlux
Resetting an expired password does not work if authentication is done using APIML
I'm not able to reset an expired password if Zowe Desktop uses APIML for authentication. Also, I don't even get a message saying that the password has expired. I can see a generic error message instead:
A message in the log:
ZWED0003W - 6pHSnqQY0FETe2hnNZGw_SkU1H0hHIg6: Session security call authenticate failed for auth handler org.zowe.zlux.auth.safsso. Plugin response: {"success":false,"reason":"Unknown","error":{"message":"APIML 401 "},"apiml":true,"zss":true,"sso":false,"canChangePassword":true}
ZWED0070I - 6pHSnqQY0FETe2hnNZGw_SkU1H0hHIg6: Session security call authenticate succesful for auth handler org.zowe.zlux.auth.trivial. Plugin response: {"success":true}
Resetting password works fine when authentication is done via zss only.
I believe this is a bug that happens because APIML does not know the password expired, so it responds with 401, while ZSS does know that the password expired. Because in this configuration zlux is talking to both zss and apiml, there is a confusion about which response to send back: apiml 401 or zss message. We'll have to make a fix for this specific case so that we send back the zss message instead of the apiml one, which should allow for password reset to be done. Thanks for reporting!
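An added example, not part of the original thread or the zlux code base: a JavaScript sketch that scans Zowe Desktop log lines for the pattern in the report, a failed `authenticate` call where `apiml` and `zss` are both true but the only reason surfaced is `APIML 401`. The function names and the reading of the second field as a request identifier are assumptions; the sample lines are the two quoted in the report.

```javascript
// Added example: flag auth failures where an APIML 401 is the only reason surfaced.
// The two sample lines are the ones quoted in the report above.
const SAMPLE_LOG = [
  'ZWED0003W - 6pHSnqQY0FETe2hnNZGw_SkU1H0hHIg6: Session security call authenticate failed for auth handler org.zowe.zlux.auth.safsso. Plugin response: {"success":false,"reason":"Unknown","error":{"message":"APIML 401 "},"apiml":true,"zss":true,"sso":false,"canChangePassword":true}',
  'ZWED0070I - 6pHSnqQY0FETe2hnNZGw_SkU1H0hHIg6: Session security call authenticate succesful for auth handler org.zowe.zlux.auth.trivial. Plugin response: {"success":true}',
];

// Message id, identifier (assumed to be a request id), call name, outcome,
// auth handler, JSON plugin response. "succes+ful" accepts the logged spelling.
const LINE_RE = /^(ZWED\d{4}[A-Z]) - (\S+): Session security call (\w+) (failed|succes+ful) for auth handler ([\w.]+)\. Plugin response: (.*)$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  let response;
  try {
    response = JSON.parse(m[6]);
  } catch (e) {
    return null; // truncated or non-JSON plugin response
  }
  if (response === null || typeof response !== 'object') return null;
  return { msgId: m[1], id: m[2], call: m[3], failed: m[4] === 'failed', handler: m[5], response };
}

// True when both back ends were involved but only the APIML status is reported,
// so a ZSS-side reason (such as an expired password) is not visible to the user.
function isMaskedApimlFailure(entry) {
  const r = entry.response;
  const msg = (r.error && typeof r.error.message === 'string') ? r.error.message : '';
  return entry.failed && entry.call === 'authenticate' && r.success === false &&
    r.apiml === true && r.zss === true && r.reason === 'Unknown' && /^APIML 401\b/.test(msg);
}

function findMaskedFailures(lines) {
  return lines.map(parseLine).filter((e) => e !== null && isMaskedApimlFailure(e));
}

for (const hit of findMaskedFailures(SAMPLE_LOG)) {
  console.log(`${hit.id} ${hit.handler}: APIML 401 with reason "Unknown"; ` +
    `canChangePassword=${hit.response.canChangePassword}. Check the ZSS-side result for this user.`);
}
```

A match only marks a login failure whose cause is hidden behind the APIML status; a 401 is also what a wrong password produces, so the ZSS or SAF side still has to confirm expiry.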
Hello
Same issue for me with ZOWE 2.8. Is there a patch?
Regards, Gilles Peniguel