IBM Support

PH39582: WHEN USING MFA TOKEN TO AUTHENTICATE IS BEING VERIFIED TWICE.ITS FAILING ON THE SECOND TIME WHEN REQUESTED AND IT SHOULD BE ONCE

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The client were not able to authenticate with APIML when using
MFA. They hit an 401 error. This is happening only when Gateway
is using z/OSMF/authenticate endpoint.
 is causing SSO not to work in the whole Zowe layer. Zowe CLI
does not work with MFA. Clients using ZAAS authentication can't
authenticate with MFA as well.
When the MFA Token service was used in this case and
invoked/verified twice when it should be invoked/verified only
once to be able to authenticate.

Local fix

  • 



Problem summary


    

  • The client were not able to authenticate with APIML when using
MFA. They hit an 401 error. This is happening only when Gateway
is using z/OSMF/authenticate endpoint.
 is causing SSO not to work in the whole Zowe layer. Zowe CLI
does not work with MFA. Clients using ZAAS authentication can't
authenticate with MFA as well.
When the MFA Token service was used in this case and
invoked/verified twice when it should be invoked/verified only
once to be able to authenticate.

    



Problem conclusion


    

  • The client were not able to authenticate with APIML when using
MFA. They hit an 401 error. This is happening only when Gateway
is using z/OSMF/authenticate endpoint.
 is causing SSO not to work in the whole Zowe layer. Zowe CLI
does not work with MFA. Clients using ZAAS authentication can't
authenticate with MFA as well.
When the MFA Token service was used in this case and
invoked/verified twice when it should be invoked/verified only
once to be able to authenticate.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH39582
    • 

  • Reported component name
    Z/OSMF CORE
    • 

  • Reported component ID
    5655S28SM
    • 

  • Reported release
    230
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-08-05
    • 

  • Closed date
    2021-09-06
    • 

  • Last modified date
    2021-12-08
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI77026 UI77027 UI77028
    

    • 



Modules/Macros


    

  • IZUATSEC IZUGNABR IZUGNABX

    



Fix information


    

  • Fixed component name
    Z/OSMF CORE
    • 

  • Fixed component ID
    5655S28SM
    • 



Applicable component levels


    

  • R230  PSY  UI77028
       UP21/09/30  P  F109
    • 

  • R240  PSY  UI77027
       UP21/09/30  P  F109
    • 

  • R250  PSY  UI77026
       UP21/09/29  P  F109
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG19O"},"Platform":[{"code":"PF054","label":"z\/OS"}],"Version":"230"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            09 December 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback