The IBMJMXConnectorREST endpoint does not appear to support OpenIdConnect.

Describe the bug I am trying to reach https://myhostname/IBMJMXConnectorREST/mbeans/ with authentication being managed using SSO (openIdConnect with UMS)

I tried to call UMS to retrieve a bearer token, and then to call the JMX Rest API with this token, but I get HTTP 401

I tried various combinations for the administrator-role declaration:

<user-access-id>user:o=defaultWIMFileBasedRealm/umsadmin</user-access-id>
<user-access-id>user:https://umshostname/umsadmin</user-access-id>

But I cannot access the JMX REST API, it always return HTTP 401.

Still, the credentials I use allow me to connect to the other APIs I expose on the same server, where it follows the regular OAUTH flow (redirection to UMS, enter credentials, get back to the URL I initially requested).

I tried both restConnector-1.0 and restConnector-2.0. If I try with a user from a basic registry, it works fine.

The IBMJMXConnectorREST endpoint does not appear to support OpenIdConnect.

Steps to Reproduce Setup a simple server with configuration snippet, and restConnector feature. And then try to access https://myhostname/IBMJMXConnectorREST/mbeans/

Expected behavior The OAuth redirection should be followed, or at least, the bearer token should be accepted.

Diagnostic information:

********************************************************************************
product = WebSphere Application Server 20.0.0.3 (wlp-1.0.38.cl200320200305-1433)
wlp.install.dir = /opt/ibm/wlp/
server.output.dir = /opt/ibm/wlp/output/defaultServer/
java.home = /opt/ibm/java/jre
java.version = 1.8.0_241
java.runtime = Java(TM) SE Runtime Environment (8.0.6.7 - pxa6480sr6fp7ifix-20200417_01(SR6 FP7+IJ24291))
os = Linux (4.18.0-147.8.1.el8_1.x86_64; amd64) (en_US)
process = 17@10.254.5.34
********************************************************************************

OpenLiberty / open-liberty

The IBMJMXConnectorREST endpoint does not appear to support OpenIdConnect. #12728