
/gateway/api/v1/auth/ticket does not accept OIDC token #4444

@jthyssenrocket


I have Zowe v3.3 configured with OIDC, and can successfully call: /gateway/api/v1/auth/oidc-token/validate passing header "Authorization: Bearer {{oidc-token}}"

I've also called other APIs such as /ibmzosmf/api/v1/zosmf/tsoApp/v1/tso for the TSO command "LU" (again with header "Authorization: Bearer {{oidc-token}}"), and I can see that the tso command is executed for the userid mapped from the OIDC id to RACF userid with RACMAP.

However, if I call /gateway/api/v1/auth/ticket it does not accept the OIDC token:

```json
{
  "messages": [
    {
      "messageType": "ERROR",
      "messageNumber": "ZWEAO402E",
      "messageContent": "The request has not been applied because it lacks valid authentication credentials.",
      "messageAction": "Review the product documentation for more details about acceptable authentication. Verify that your credentials are valid and contact security administrator to obtain valid credentials.",
      "messageReason": "The accessed resource requires authentication. The request is missing valid authentication credentials or the token expired.",
      "messageKey": "org.zowe.apiml.common.unauthorized"
    }
  ]
}
```

It looks like OIDC tokens are not accepted by the /gateway/api/v1/auth/ticket endpoint?
Is there any reason for that?


Status: Planned In Future
