Closed js665999 closed 1 year ago
Can you give more information about why you think this is a zlux bug? Do you see network traffic reaching zlux (try env var zowe.environments.DEBUG: express:*
) that corresponds with the 401?
To my knowledge the desktop login page doesn't respond with a 401 ever, it's a static webpage that doesnt require auth, but the action it does upon loading is to check cookies & query app-server to see if there is an existing valid login, or else present a login prompt, because although the page will load, none of the REST APIs will succeed without login.
So if we're seeing a 401 here, this looks like a 401 the gateway is sending. Could you confirm/deny that with components.gateway.debug: true
?
It's important and strange that the api-catalog does not get a 401 but zlux does. Lets figure out why. Perhaps api-catalog is on a special list of urls, or there's an important difference in the discovery registration that makes the gateway determine whether to send a 401 or not.
I have discussed it with APIML team and they didn't think its gateway's fault but now they are not sure. We will investigate and move the issue if necessary.
Closing this because it was discovered the solution was about client certificate usage. As far as I know, zowe 2.9 will contain a fix for when client certificates are present.
Describe the bug When accessing Desktop through gateway with https://zowe.externalDomains[0]:zowe.externalPort/zlux/ui/v1/ we get "This page isn't working right now(401)" This is happening when authentication provider is set to "zosmf" and JWT is not enabled in z/OSMF. If you first login to API Catalog UI, this does not happen and it will successfully redirect to Desktop. According documentation Zowe will generate its own JWT if it does not get one from z/OSMF.
Steps to Reproduce
Expected behavior Upon getting 401 redirect to Desktop login page
Screenshots![image (6)](https://user-images.githubusercontent.com/45845701/222187460-9c4f4f7a-63ed-4644-b08a-6dd6bdb15750.png)
Logs ZWES1014I ZIS status - 'Ok' (name='ZWESIS_01 ', cmsRC='0', description='Ok', clientVersion='2') ... HTTP status 404 failed to obtain JWK, status = 2 ZWES1606W Failed to get JWK - HTTP response error, retry in 10 seconds ZWES1601I Server is ready to accept JWT with fallback to legacy tokens
Describe your environment Zowe v2.6 z/OS version: RELEASE z/OS 02.05.00 LICENSE = z/OS Java version: java version "1.8.0_351" NodeJS version: v14.20.1