Zowe Explorer and MFA
search cancel

Zowe Explorer and MFA

book

Article ID: 264251

calendar_today

Updated On:

Products

Brightside

Issue/Introduction

MFA user's RACF ID got suspended using zowe exploer (dev profile is not using API M/L, connection via z/OSMF REST service):

For MFA user, user is leaving the password blank in the dev profile set up.

When trying to use DataSet browser/explorer, it’ll ask for a password. User enters MFA token id, successfully connected to dev, able to browse DataSet using filter.

After a few minutes, the user RACF ID got suspended. Zowe Explorer seems to save the MFA token id that the user entered above (MFA token is only valid for 60 seconds), and does reconnect/reauthenticate behind the scene and not prompting the user for updated MFA Token.

 

 

Environment

Release : 4.0

VSCode v1.76.1

Zowe Explorer v2.6.2

 

Cause

Multifactor authentication is only supported when connecting Zowe client components to APIML. The clients do not support MFA directly to a mainframe service.

Resolution

Zowe API ML provides a single point of access to a defined set of mainframe services. The layer provides API management features such as high-availability, consistent security, and a single sign-on (SSO) and multi-factor authentication (MFA) experience.

For more information, check out Integrating with API Mediation Layer

Also check out the instruction on how to Use base profiles and tokens with existing profiles in zowe explorer.