update diagram and steps description

Signed-off-by: ac892247 <[email protected]>
zowe · Dec 5, 2024 · 390b37f · 390b37f
1 parent fda7fb6
commit 390b37f
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/docs/diagrams/apiml-oidc-auth-seq.puml b/docs/diagrams/apiml-oidc-auth-seq.puml
@@ -28,11 +28,15 @@ GW -> GW: Create Zowe JWT
 GW -> Service: Call API service with Zowe JWT
 Service -> Service: Validate JWT
 Service --> GW: Return Response
+autonumber 14 1
 else mapping failure
+
 GW -> Service: call API service with access token
+note left: Step 13 Create Zowe JWT was skipped
 Service -> Service: Validate access token
 Service --> GW: Return Response
 end
+autonumber 17 1
 GW --> Agent: Response
 
 

diff --git a/docs/extend/extend-apiml/api-mediation-oidc-authentication.md b/docs/extend/extend-apiml/api-mediation-oidc-authentication.md
@@ -68,13 +68,14 @@ The following diagram illustrates the interactions between the participants of t
 14. Calls the API with credentials.
 15. Services validates generated mainframe credentials.
 16. The requested data is returned.
+17. The requested data is returned to the user agent.
 
 **When user mapping does not exist**
 
-17. The API ML Gateway calls the requested mainframe service/s with the access token in the `OIDC-token` header.
-18. The service validates the `OIDC-token`. 
-19. The requested data is returned.
-20. The requested data is returned to the user agent.
+14. The API ML Gateway calls the requested mainframe service/s with the access token in the `OIDC-token` header. 
+15. The service validates the `OIDC-token`. 
+16. The requested data is returned.
+17. The requested data is returned to the user agent.
 
 ## Prerequisites
 
@@ -230,6 +231,7 @@ For more information about the Zowe CLI Identity Federation Plug-in, see the [RE
 
  In the zowe.yaml file, configure the following properties:
 
+
 - **components.gateway.apiml.security.oidc.enabled**  
    Specifies the global feature toggle. Set the value to `true` to enable OIDC authentication functionality.
 
@@ -263,6 +265,21 @@ For more information about the Zowe CLI Identity Federation Plug-in, see the [RE
     https://${ZWE_haInstance_hostname}:${GATEWAY_PORT}/zss/api/v1/certificate/dn
     ```
 
+**Example for OKTA:**
+
+```yaml
+components:
+ gateway:
+   apiml:
+     security:
+       oidc:
+         enabled: true
+         registry: zowe.org
+         validationType: JWK
+         jwks:
+           uri: https://okta.com/oauth2/api/v1/keys
+
+```
 ## Troubleshooting
 
 ### API ML fails to validate the OIDC access token with the Distributed Identity Provider

diff --git a/docs/images/api-mediation/apiml-oidc-auth-seq.png b/docs/images/api-mediation/apiml-oidc-auth-seq.png