Log in to Zowe APIML with Zowe Explorer in VSCode
{Core} If you are using Open Mainframe Project’s Zowe API Mediation Layer, you probably already know how to authenticate to the APIML with the Zowe CLI. This feature has also been added to the Zowe Explorer extension in VSCode.
Without using the techniques described in this blog, Zowe Explorer will maintain your profile’s login status separately from Zowe CLI. This means that even if you’ve already logged into the APIML via the CLI, you’ll have to authenticate again in Zowe Explorer. In addition, within Zowe Explorer you won’t be taking advantage of the security benefits that token-based authentication offers you.
The APIML offers an API catalog of registered services through which it lets clients (such as Zowe Explorer or Zowe CLI) access REST services, taking advantage of functionality such as high availability and single sign-on. With the single sign-on feature, the APIML acts as a gateway proxy server for user authentication. When a user’s credentials are validated by the APIML for the first time, a token is returned for use on subsequent requests. The single challenge of the password can be used alongside enhanced security mechanisms such as multi-factor authentication, thus providing a solution that protects against phishing or other types of impersonation attacks.
By following this guide, you’ll ensure that single sign-on and token-based authentication is used for each of your Zowe CLI and Zowe Explorer profiles. As one of the developers of Zowe Explorer I use this new login feature every day, to directly authenticate to the APIML from Zowe Explorer without typing anything into the CLI.
Let’s Set it Up
If you’re trying this feature out for the first time, or you’ve had some trouble setting it up already, then this is the blog for you.
You may have seen a message on log in which says, “This profile does not support login”:
You’re seeing this message because your base and/or service profiles are configured incorrectly. Here’s what you should check:
- Make sure you’ve created a base profile according to the instructions here.
(You should also check in folder../.zowe/profiles/baseto make sure it contains adefault.yamlfile, if you’ve already created the base profile and it’s still not working) - The base & service profiles you’re trying to log on with cannot contain passwords. So remove them if they’re present.
By using the settings above, you should be able to log into APIML via Zowe Explorer, without using the CLI to generate a token.
Working Example: With the following settings, you will be able to log in to APIML via Zowe Explorer:
Behind the Scenes
But why do I need to use these settings? You ask. Great question! It’s because in Zowe, service profiles have precedence over base profiles. Any service profile property will be used instead of the base profile property.
Also, if one of the two profiles contains a password, Zowe Explorer will try to authenticate with a user and password, instead of a token…even if the token is present.
For example, if you are using the following settings:
Zowe Explorer will authenticate your actions using the following settings:
Hopefully this article has clarified the base & service profile requirements in Zowe Explorer, and you can take advantage of this new feature yourself.
Happy coding!
If you enjoyed this blog checkout more Zowe blogs here. Or, ask a question and join the conversation on the Open Mainframe Project Slack #Zowe-dev, #Zowe-user or #Zowe-onboarding. If this is your first time using the OMP slack channel register here.
#Mainframe #Zowe #VSCode #Open Source #APIML #API Mediation Layer #Authentication #Base Profile #Service Profile
