API ML: secure credentials store usage implementation

Question

API ML: secure credentials store usage implementation

KUGDev opened this issue a year ago · 1 comments

API ML gives a possibility to auhorize using API ML MFA
We need to investigate this possibility
DoD: the authentication and authorization process is working with API ML (test of z/OSMF connection is successful)

Answer 1 · 2023-11-10T09:58:14.000Z

First you need to register your z/OSMF service in API ML.

Next you need to specify the z/OSMF Authentication Provider for the API Gateway (https://docs.zowe.org/v2.9.x/extend/extend-apiml/authentication-for-apiml-services/#authentication-providers).

In the file .\api-layer\config\local\gateway-service.yml specify:

apiml.security.auth.provider: zosmf
apiml.security.auth.zosmfServiceId: zosmf # Replace me with the correct z/OSMF service id

To get an API ML token in the cookie you need to send a request:

POST https://localhost:10010/gateway/api/v1/auth/login

Request body:

{
    "username":"username",
    "password":"password"
}

https://localhost:10010 - URL-address of the API ML.
The username and password values are credentials from z/OSMF.

The request will return the value of the API ML token in the cookie (apimlAuthenticationToken), which can be used for next requests without using the Authorization header.