-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid credentials popup not shown for HTTP 403 errors #2326
Comments
Thank you for creating a bug report. |
Hey @deltatager thanks for raising the request but the HTTP status code 403 forbidden, meaning the client request was complete but you don't have permission to access this resource, is a bit different than HTTP(S) 401 that indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource. Closing this issue as Not Planned. |
Thanks for the response @JillieBeanSim, but we have observed 403 being returned when passwords are expired or invalid. The screenshot I posted was done using an account that has access to the dataset I was trying to access, but I used the wrong password. This has caused user accounts to become locked on many occasions. How are we supposed to handle this situation if this won't be fixed? |
Is it possible that it's a difference between how RACF and ACF2 handle auth for z/OSMF? When I test using an invalid password on our ACF2 system, I get a 403. When I do the same invalidpassword test on ZXplore(which I assume uses RACF), I get a 401 |
For future reference,turns out it was a permissions issue in ACF2 on the unauthenticated user IZUGUEST used by z/OSMF. In some cases we would get a 403 instead of a 401, in some other instances we even got 500. After setting the permissions properly, the problem was resolved. |
Describe the bug
On our z/OS installation, z/OSMF returns an HTTP 403 wen there is an authentication error, instead of a 401. This way, the "Invalid Credentials" popup isn't shown, leading to pretty much systematic lockouts after a password change .
To Reproduce
Expected behavior
I would expect the popup to show up on both HTTP 401s and 403s to prevent user lockout
Screenshots
Desktop (please complete the following information):
Additional context
Could it be as simple as changing line 60 of ProfileUtils.ts from
} else if (httpErrorCode === imperative.RestConstants.HTTP_STATUS_401) {
to
} else if (httpErrorCode === imperative.RestConstants.HTTP_STATUS_401 || httpErrorCode === 403 ) {
?
The text was updated successfully, but these errors were encountered: