search

zowe / zlux

The top-level superproject for zLUX. zLUX includes the Zowe Desktop framework in addition to several built-in apps and an example server implementation.
Eclipse Public License 2.0
38 stars 42 forks source link

Authentication failed for 3 types. Types: ["saf","apiml","zss"] org.zowe.zlux.auth.safsso: APIML unable to get issuer certificate #965

Closed Sam-Explorer closed 1 year ago

Sam-Explorer commented 1 year ago

Bug: Authentication failed for 3 types. Types: ["saf","apiml","zss"] org.zowe.zlux.auth.safsso: APIML unable to get issuer certificate

Zowe Version 2.6

API Service are running good, however issue with login to ZOWE Desktop getting below error message. Authentication failed for 3 types. Types: ["saf","apiml","zss"] org.zowe.zlux.auth.safsso: APIML unable to get issuer certificate

ZOWE STC is able to communicate with Cross-Memory Server

ZWESVUSR CRITICAL (_zsf.bootstrap,plugin-loader.js:959) unable to get issuer certificate Any suggestions?
1000TurquoisePogs commented 1 year ago

It's possible that the app-server cannot validate the certificate of the api mediation layer. Check your zowe.certificate section of the zowe.yaml to ensure that the values are correct, in particular the zowe.certificate.pem section does need to be defined to alert the app-server about the CAs, because if the app-server can't read the CAs, then it wont validate the certificate of apiml if zowe.verifyCertificates is set to something other than "disabled". What is the value of that currently?

Sam-Explorer commented 1 year ago

we have similar configuration in zowe.yaml, same as given in the zowe doc https://docs.zowe.org/stable/user-guide/configure-certificates-keyring zowe: certificate: keystore: type: JCERACFKS file: safkeyring://ZWESVUSR/ZoweKeyring password: 'password' alias: localhost truststore: type: JCERACFKS file: safkeyring://ZWESVUSR/ZoweKeyring password: "password" pem: key: '' certificate: '' certificateAuthorities: safkeyring:////ZWESVUSR/ZoweKeyring&localca

  I tried with STRICT & NONSTRICT - its does not work and works only if I have DISABLED.

  Thanks..
skurnevich commented 1 year ago

Hi Sam, could you please try to use four slashes to specify the keyring (safkeyring:////) everywhere? There were some changes in keyring config format in Zowe 2.7, so latest docs a bit irrelevant for your version of Zowe, please refer to the example in docs for v2.6 https://docs.zowe.org/v2.6.x/user-guide/configure-certificates-keyring

Sam-Explorer commented 1 year ago

Hi Sergei, we did specify (safkeyring:////). Issue has been fixed, with reference to https://github.com/zowe/docs-site/issues/1550

Thank you for response! :-)