zlux
zlux copied to clipboard
zowe
Authentification failed
Describe the bug When we logon on the habilitation page , we have an authentification problème : "Authentification failed for 1 types. Types: ["zss"]." The Zlux primary page answers correctly and the api médiation layer answer correctly too. We use a keystore.
Screenshots
Desktop (please complete the following information):
- OS: z/OS 2.4
- Browser : chrome Version 90.0.4430.93 (Official Build) (64-bit)
- Version : ZOWE 1.27.1
- Version : nodejs Version 12.18.0
- Version : Java 8.0-64
Hi @TCOS7, there are many possibilities may cause this failure. Did you try out guidance of https://docs.zowe.org/stable/troubleshoot/app-framework/app-troubleshoot#cannot-log-in-to-the-zowe-desktop? If it still doesn't work, please ask in #zowe-users OMP Slack channel.
Hello
We ( with @TCOS7 ) saw the documentation but the recommandations are ok.
We also send a message in Open Mainframe Project #zowe-user. We are waiting for their help.
However we did an IP trace and notice that there is no bytes transfering on IP ZSS port 8542 during a logon on ZOWE ZLUX page.
Some messages on the SYSOUT STC ZOWE appears :
2022-04-07 12:52:15.723 ZWED:33554537 ZWESVUS WARN (_zsf.auth,webauth.js:367) ZWED0003W - User=undefined (org.zowe.zlux.auth.zss): Session authenticate failed. Plugin response: é"success":falseè 2022-04-07 12:52:16.381 ZWED:50331741 ZWESVUS WARN (_zsf.apiml,EurekaClient.js:710) Eureka request failed to endpoint https://sysa.dns21.socgen:7553/eureka/apps, next server retry in 60000ms 2022-04-07 12:52:21.596 ZWED:33554537 ZWESVUS INFO (_zsf.auth,webauth.js:364) ZWED0070I - User=undefined (org.zowe.zlux.auth.trivial): Session authenticate successful. Plugin response: é"success":trueè
Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1506:34)
at TLSSocket.emit (events.js:315:20)
at TLSSocket._finishInit (_tls_wrap.js:948:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12) é
code: 'SELF_SIGNED_CERT_IN_CHAIN'
è
Regards Gilles
Hello
I wanted to deactivate TLS support for ZSS. So I modified the parameter in instance.env to ZOWE_ZSS_SERVER_TLS=false
And I modified as well the server.json file on workspace directory from https to http :
"http": é
"ipAddresses": Ý"127.0.0.1"~,
//to be a replacement for zssPort
"port": 8542
è,
We come from a 1.20.1 version which doesn't support TLS for ZSS.
But no success.
Regards Gilles
Hi,
If this is still an issue can you post the JSON that follows ZWED5018I - Initializing with configuration
As well as the lines ZWES1014I ZIS status and ZWES1035I ZSS Server settings
This helps us know what the http/https and zis status are.
Hello
Sorry for the delay,
Just below the informations you ask me ;
ZWED5018I - Initializing with configuration: é "productDir": "/usr/lpp/zowe/components/app-server/share/zlux-app-server/defaults", "siteDir": "/usr/lpp/zowe/instance/workspace/app-server/site", "instanceDir": "/usr/lpp/zowe/instance/workspace/app-server", "groupsDir": "/usr/lpp/zowe/instance/workspace/app-server/groups", "usersDir": "/usr/lpp/zowe/instance/workspace/app-server/users", "pluginsDir": "/usr/lpp/zowe/instance/workspace/app-server/plugins", "node": é "rootRedirectURL": "/ZLUX/plugins/org.zowe.zlux.bootstrap/web/", "allowInvalidTLSProxy": false, "noChild": false, "noPrompt": false, "https": é "ipAddresses": [ "0.0.0.0" ], "port": 8544, "keys": [ "/usr/lpp/zowe/keystore/localhost/localhost.key" ], "certificates": [ "/usr/lpp/zowe/keystore/localhost/localhost.cer" ] è, "mediationLayer": é "enabled": true, "cachingService": é "enabled": true è, "server": é "hostname": "xxx", "gatewayPort": 7554, "port": 7553 è è, "hostname": "sysa.dns21.socgen" è, "dataserviceAuthentication": é "rbac": false, "defaultAuthentication": "fallback" è, "agent": é "64bit": true, "jwt": é "fallback": true è, "mediationLayer": é "enabled": true è, "host": "xxxx.", "https": é "port": 8542 è, "http": éè è, "SERVER": é "HTTPS": é "PORT": 8544 è è, "privilegedServerName": "ZWESIS_STD", "NODE": é "LOG": é "DIR": "/usr/lpp/zowe/instance/logs", "FILE": "/usr/lpp/zowe/instance/logs/appServer-2022-10-10-07-39.log" è è, "instanceID": 1, "cookieIdentifier": 1 è
ZWES1014I ZIS status - 'Ok' (name='ZWESIS_STD ', cmsRC='0', description='Ok', clientVersion='2') ZWES1035I ZSS Server settings: Address='0.0.0.0', port='8542', protocol='https'
Thanks for your help
Regards Gilles De : 1000TurquoisePogs @.> Envoyé : vendredi 1 juillet 2022 15:43 À : zowe/zlux @.> Cc : PENIGUEL Gilles ResgGtsRcrZisVdf @.>; Comment @.> Objet : Re: [zowe/zlux] Authentification failed (Issue #862)
[EMETTEUR EXTERNE] / [EXTERNAL SENDER] Soyez vigilant avant d'ouvrir les pièces jointes ou de cliquer sur les liens. En cas de doute, signalez le message via le bouton "Message suspect" ou consultez go/secu. Be cautious before opening attachments or clicking on any links. If in doubt, use "Suspicious email" button or visit go/secu.
Hi, If this is still an issue can you post the JSON that follows ZWED5018I - Initializing with configuration As well as the lines ZWES1014I ZIS status and ZWES1035I ZSS Server settings This helps us know what the http/https and zis status are.
— Reply to this email directly, view it on GitHubhttps://github.com/zowe/zlux/issues/862#issuecomment-1172364356, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AQSJDQSX57242SWMCVN2NK3VR3YXFANCNFSM5Y3GBKXA. You are receiving this because you commented.Message ID: @.@.>>
Ce message et toutes les pieces jointes (ci-apres le "message") sont confidentiels et susceptibles de contenir des informations couvertes par le secret professionnel. Ce message est etabli a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee interdite. Tout message electronique est susceptible d'alteration. La SOCIETE GENERALE et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme falsifie.
=========================================================
This message and any attachments (the "message") are confidential, intended solely for the addresses, and may contain legally privileged information. Any unauthorized use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified.
=========================================================