zowe / zlux

The top-level superproject for zLUX. zLUX includes the Zowe Desktop framework in addition to several built-in apps and an example server implementation.
Eclipse Public License 2.0

Resetting an expired password does not work if authentication is done using APIML #505

Open vit-tomica opened 4 years ago

vit-tomica commented 4 years ago

I'm not able to reset an expired password if Zowe Desktop uses APIML for authentication. Also, I don't even get a message that the password has expired. I can see a generic error message instead: [image]

A message in log:

ZWED0003W - 6pHSnqQY0FETe2hnNZGw_SkU1H0hHIg6: Session security call authenticate failed for auth handler org.zowe.zlux.auth.safsso. Plugin response: {"success":false,"reason":"Unknown","error":{"message":"APIML 401 "},"apiml":true,"zss":true,"sso":false,"canChangePassword":true}
ZWED0070I - 6pHSnqQY0FETe2hnNZGw_SkU1H0hHIg6: Session security call authenticate succesful for auth handler org.zowe.zlux.auth.trivial. Plugin response: {"success":true}

Resetting password works fine when authentication is done via zss only.

1000TurquoisePogs commented 4 years ago

I believe this is a bug that happens because APIML does not know the password expired, so it responds with 401, while ZSS does know that the password expired. Because in this configuration zlux is talking to both zss and apiml, there is confusion about which response to send back: the apiml 401 or the zss message. We'll have to make a fix for this specific case so that we send back the zss message instead of the apiml one, which should allow for password reset to be done. Thanks for reporting!
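
Added example (not part of the original thread and not zlux code): a Node.js log-triage sketch that parses the authenticate log lines quoted in this issue and flags failures matching the pattern described in the comment above, where APIML's bare 401 is the reported error even though ZSS was also consulted and a password change is possible. Function names and verdict labels are hypothetical; the field names come from the logged plugin response.

```javascript
// Added example, not zlux code. Field names are taken from the "Plugin response"
// JSON in the log lines quoted in this issue; function names and labels are hypothetical.
const LINE_RE = /^(ZWED\d{4}[A-Z]) - (\S+): Session security call authenticate (\S+) for auth handler (\S+)\. Plugin response: (\{.*\})\s*$/;

function parseAuthLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // not an authenticate line, or payload cut off
  try {
    return { msgId: m[1], sessionId: m[2], handler: m[4], response: JSON.parse(m[5]) };
  } catch (e) {
    return null; // corrupted JSON payload
  }
}

function classify(entry) {
  const r = entry.response;
  if (r.success === true) return 'ok';
  const msg = (r.error && typeof r.error.message === 'string') ? r.error.message : '';
  // Pattern from this issue: APIML and ZSS were both consulted, the reported error
  // is APIML's bare 401, the reason is "Unknown", yet a password change is possible.
  if (r.apiml && r.zss && /^APIML 401\b/.test(msg) &&
      r.reason === 'Unknown' && r.canChangePassword) {
    return 'apiml-401-may-mask-zss-reason';
  }
  return 'auth-failed';
}

function triage(lines) {
  const findings = [];
  for (const line of lines) {
    const entry = parseAuthLine(line);
    if (!entry) continue;
    const verdict = classify(entry);
    if (verdict !== 'ok') {
      findings.push({ sessionId: entry.sessionId, handler: entry.handler, verdict });
    }
  }
  return findings;
}

// First two lines are the ones quoted in this issue; the third is constructed (truncated).
const SAMPLE = [
  'ZWED0003W - 6pHSnqQY0FETe2hnNZGw_SkU1H0hHIg6: Session security call authenticate failed for auth handler org.zowe.zlux.auth.safsso. Plugin response: {"success":false,"reason":"Unknown","error":{"message":"APIML 401 "},"apiml":true,"zss":true,"sso":false,"canChangePassword":true}',
  'ZWED0070I - 6pHSnqQY0FETe2hnNZGw_SkU1H0hHIg6: Session security call authenticate succesful for auth handler org.zowe.zlux.auth.trivial. Plugin response: {"success":true}',
  'ZWED0003W - constructedSession: Session security call authenticate failed for auth handler org.zowe.zlux.auth.safsso. Plugin response: {"success":false,"rea',
];

console.log(triage(SAMPLE));
```

A flagged line is only a candidate for the masked expired-password case; the ZSS-side response is still needed to confirm the actual reason.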

GilPen commented 1 year ago

Hello

Same issue for me with ZOWE 2.8. Is there a patch?

Regards, Gilles Peniguel