zowe / zss

Zowe System Services Server for enabling low-level microservices
Eclipse Public License 2.0

Support sso initialization for second pattern that apiml API returns #467

Open 1000TurquoisePogs opened 2 years ago

1000TurquoisePogs commented 2 years ago

For some reason, in some environments the APIML JWT URL returns the info ZSS needs to cryptographically verify a JWT in a different JSON format than in other environments. I'm unsure if this is when zosmf is off vs on, or zos 2.4 vs 2.5, or any other environment condition. All I know is that Jack Jia has an environment in which SSO does not work and it is due to apiml returning crypto info in a different format than ZSS is coded to receive, but it doesn't happen in my environment so I can't test it well. I lost the exact format to Slack but it appeared that a lot of the info was still the same, just with different key names.

JoeNemo commented 2 years ago

Hi Jack and Sean, can you please add all relevant details to this bug. This seems like something changed in zOSMF or APIML, but don't have a test case.

1000TurquoisePogs commented 2 years ago

https://github.com/zowe/zss/blob/v2.x/staging/c/jwk.c#L275= seems to be where we are handling APIML output from the APIML url https://host:7554/gateway/api/v1/auth/keys/public/current

I'm told sometimes (different system configurations?) the API returns a differently shaped JSON.

Here's one shape that I do have:

curl -k  https://host:7554/gateway/api/v1/auth/keys/public/current -H 'Accept: application/json'
{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","kid":"somestring...","alg":"RS256","n":"some-longer-string..."}]}

But I believe there's another shape, so please report here if you see one we don't support.

Dingmans commented 2 years ago

Hello!

I've had issues with SSO to ZSS via the Zowe desktop, it works fine with direct API calls to ZSS with basic auth. Been scouring the internet to try and find some resources - Perhaps the issue above could be why?

The zowe version we're using is V 1.27.1 and z/OS 2.4.

I do get the following messages:

ZWES1602W JWK is in unrecognized format
ZWES1605W Server will not accept JWT

curl -k  https://myhost:7554/gateway/api/v1/auth/keys/public/current
<JSONObject><keys><kty>RSA</kty><e>AQAB</e><n>Some long string.........</n></keys></JSONObject>

Which does look different from the previous example.

Best regards, David

1000TurquoisePogs commented 2 years ago

I believe you must do -H 'Accept: application/json' to get JSON out.

Dingmans commented 2 years ago

Greetings,

Oh yeah missed the header. Added that part and it seems like some fields are missing compared to yours, not sure if that counts as a different shape?

{"keys":[{"kty":"RSA","e":"AQAB","n":"some long string.... "}]}

Many thanks!
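For reference, the two JSON shapes reported in this thread differ only in members that RFC 7517 marks optional ("use", "kid", "alg"); an RSA key needs just "kty", "n" and "e". The sketch below is an added example, not ZSS code (ZSS does this in C in jwk.c): it accepts both shapes and rejects the XML body returned without the Accept header. The function names, the RS256-only and 2048-bit policy, and the sample key material are assumptions constructed for illustration.

```python
import base64
import json

def b64url_uint(text):
    """Decode an unpadded base64url big-endian integer (the JWK encoding of n and e)."""
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    return int.from_bytes(raw, "big")

def uint_b64url(value):
    """Inverse of b64url_uint; used here only to build constructed sample input."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def select_rsa_key(jwks_text, min_bits=2048, allowed_alg="RS256"):
    """Return the first usable RSA signature key; optional members may be absent."""
    try:
        doc = json.loads(jwks_text)
    except ValueError as exc:
        raise ValueError("body is not JSON (was 'Accept: application/json' sent?)") from exc
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list):
        raise ValueError("no 'keys' array in response")
    for jwk in keys:
        if not isinstance(jwk, dict) or jwk.get("kty") != "RSA":
            continue
        if not isinstance(jwk.get("n"), str) or not isinstance(jwk.get("e"), str):
            continue  # required RSA parameters are missing
        # "use" and "alg" are optional, but when present they must match policy.
        if jwk.get("use", "sig") != "sig" or jwk.get("alg", allowed_alg) != allowed_alg:
            continue
        n, e = b64url_uint(jwk["n"]), b64url_uint(jwk["e"])
        if n.bit_length() < min_bits or e < 3 or e % 2 == 0:
            continue  # assumed policy: refuse short moduli and invalid exponents
        return {"kid": jwk.get("kid"), "n": n, "e": e}
    raise ValueError("no usable RSA signature key in JWKS")

# Constructed sample input: a 2048-bit placeholder modulus, not a real key.
SAMPLE_N = (1 << 2047) | 1
_N = uint_b64url(SAMPLE_N)
FULL = json.dumps({"keys": [{"kty": "RSA", "e": "AQAB", "use": "sig",
                             "kid": "constructed-kid", "alg": "RS256", "n": _N}]})
MINIMAL = json.dumps({"keys": [{"kty": "RSA", "e": "AQAB", "n": _N}]})
XML_BODY = "<JSONObject><keys><kty>RSA</kty><e>AQAB</e></keys></JSONObject>"

if __name__ == "__main__":
    for name, body in (("full", FULL), ("minimal", MINIMAL)):
        key = select_rsa_key(body)
        print(name, "kid:", key["kid"], "bits:", key["n"].bit_length())
```

With no "kid" in the minimal shape, a verifier cannot match the key against a token's "kid" header and has to fall back to the single published key.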