IBM Support

PH16284: z/OS Connect EE API requester receives 403-Authorization error when invoking an API configuration to support identity assertion.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as unreproducible in next release.

Error description

  • z/OS Connect EE API requester getting 403-Authorization error
    when invoking API configuration to support Identity Assertion
    feature.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of z/OS Connect EE V3.0 using ID   *
    *                 assertion with API requester.                *
    ****************************************************************
    * PROBLEM DESCRIPTION: z/OS Connect EE API requester receives  *
    *                      403-Authorization error when invoking   *
    *                      an API configuration to support         *
    *                      identity assertion.                     *
    ****************************************************************
    When using ID assertion from an API requester application with
    requireAuth="false" set, the z/OS Connect EE server was not able
    to correctly determine the groups which the asserted ID was a
    member of. This resulted in authorization errors in the z/OS
    Connect EE server and HTTP response code 403 being returned to
    the API requester application.
    

Problem conclusion

Temporary fix

Comments

  • z/OS Connect EE has been updated so that the groups which the
    asserted ID is a member of are correctly identified allowing the
    the authorization check to complete correctly.
    
    The fix for this APAR is expected to be delivered by the PTF for
    z/OS Connect EE V3.0.25.0 (PH15511).
    

APAR Information

  • APAR number

    PH16284

  • Reported component name

    Z/OS CONNECT EE

  • Reported component ID

    5655CE300

  • Reported release

    000

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-09-03

  • Closed date

    2019-09-11

  • Last modified date

    2019-09-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    Z/OS CONNECT EE

  • Fixed component ID

    5655CE300

Applicable component levels

[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SSVVFY","label":"z\/OS Connect Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.0","Edition":""}]

Document Information

Modified date:
11 September 2019