Merge pull request #3509 from zowe/janan07-links-in-sso-for-clients
link fixes
janan07 authored Mar 7, 2024
2 parents 6ea0d1d + 201b2e8 commit 89f4434
Showing 9 changed files with 22 additions and 22 deletions.
4 changes: 2 additions & 2 deletions docs/user-guide/api-mediation/configuration-authorization.md
@@ -5,5 +5,5 @@

In Zowe's API Mediation Layer, system administrators can limit access to services and information in the API Catalog by hiding sensitive data like service instance URLs, configurable via the apiml.catalog.hide.serviceInfo property in zowe.yaml. Additionally, SAF resource checking for user authorization on specific endpoints is facilitated through various providers, such as Endpoint, Native, and Dummy. These configurations, modifiable in the zowe.yaml file, enhance security by controlling service exposure and ensuring proper authorization checks within the Zowe ecosystem.

- [Limiting access to information or services in the API Catalog](./configuration-limiting-access-to-info-or-services-in-api-catalog)
- [Configuring SAF resource checking](./configuration-saf-resource-checking)
- [Limiting access to information or services in the API Catalog](./configuration-limiting-access-to-info-or-services-in-api-catalog.md)
- [Configuring SAF resource checking](./configuration-saf-resource-checking.md)
2 changes: 1 addition & 1 deletion docs/user-guide/api-mediation/configuration-cors.md
@@ -3,7 +3,7 @@
:::info Role: system programmer
:::

As a system programmer, you can enable the Gateway to terminate CORS requests for itself and also for routed services. By default, Cross-Origin Resource Sharing (CORS) handling is disabled for Gateway routes `gateway/api/v1/**` and for individual services. After enabling the feature as stated in the following procedure, API Gateway endpoints start handling CORS requests. Individual services can control whether they want the Gateway to handle CORS for them through the [Custom Metadata](../../extend/extend-apiml/onboard-spring-boot-enabler/#custom-metadata) parameters.
As a system programmer, you can enable the Gateway to terminate CORS requests for itself and also for routed services. By default, Cross-Origin Resource Sharing (CORS) handling is disabled for Gateway routes `gateway/api/v1/**` and for individual services. After enabling the feature as stated in the following procedure, API Gateway endpoints start handling CORS requests. Individual services can control whether they want the Gateway to handle CORS for them through the [Custom Metadata](../../extend/extend-apiml/onboard-spring-boot-enabler/#custom-metadata.md) parameters.

When the Gateway handles CORS on behalf of the service, the Gateway sanitizes the following defined headers from the communication (upstream and downstream) in the following comma -separated list:
```
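Review bot: the rewritten Custom Metadata link on the changed line puts the `.md` extension after the anchor, `onboard-spring-boot-enabler/#custom-metadata.md`, so the fragment becomes `#custom-metadata.md` (no heading will generate that id) while the file part keeps its trailing slash and stays extensionless, which is exactly what this PR set out to fix. The extension belongs on the file part, before the `#`: `../../extend/extend-apiml/onboard-spring-boot-enabler.md#custom-metadata`.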
@@ -5,9 +5,9 @@

As a system programmer, you can customize your configuration for how API ML manages both northbound and southbound load limits in single instances:

* To change the number of concurrent connections per route passing through the API Gateway, see [Customizing connection limits](./configuration-connection-limits).
* To change the number of concurrent connections per route passing through the API Gateway, see [Customizing connection limits](./configuration-connection-limits.md).

* To change the global Gateway timeout value for the API ML instance, see [Customizing Gateway timeouts](./configuration-gateway-timeouts).
* To change the global Gateway timeout value for the API ML instance, see [Customizing Gateway timeouts](./configuration-gateway-timeouts.md).

* Also see the following properties in API Gateway configuration parameters:
* `server.maxTotalConnections`
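Review bot: the two bullets got `.md` links, but the closing item "Also see the following properties in API Gateway configuration parameters" still lists `server.maxTotalConnections` and `server.maxConnectionsPerRoute` with no link to the configuration-parameters page, so the one item in this list that names concrete settings is the only one a reader cannot follow. Since the surrounding lines are being touched anyway, link it in the same relative `.md` form as the bullets above.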
@@ -5,8 +5,8 @@

Enabling Single Sign On (SSO) in Zowe involves configuring JWT tokens or PassTickets for secure authentication. The JWT token configuration requires setting up a custom HTTP header to store the token, thereby enhancing secure communication with southbound services.

For more information, see [Enabling single sign on for extending services via JWT token configuration](./configuration-extender-jwt).
For more information, see [Enabling single sign on for extending services via JWT token configuration](./configuration-extender-jwt.md).

PassTicket configuration, alternatively, allows services that do not natively support JWT tokens or client certificates to authenticate via the API Gateway. This authentication process requires the activation of PassTicket support, recording the APPLID, and configuring the Zowe started task user ID. Additionally, custom HTTP headers can be set up for PassTickets and user IDs, ensuring secure and streamlined access within the Zowe ecosystem.

For more information, see [Enabling single sign on for extending services via PassTicket configuration](./configuration-extender-passtickets).
For more information, see [Enabling single sign on for extending services via PassTicket configuration](./configuration-extender-passtickets.md).
2 changes: 1 addition & 1 deletion docs/user-guide/api-mediation/configuration-jwt.md
@@ -50,7 +50,7 @@ Authorization is used to set the access rights of an entity.
In the API ML, authorization is performed by any of the following z/OS security managers:
* [ACF2](https://www.broadcom.com/products/mainframe/identity-access/acf2)
* [IBM RACF](https://www.ibm.com/support/knowledgecenter/zosbasics/com.ibm.zos.zsecurity/zsecc_042.htm)
* [Top Secret](https://www.broadcom.com/products/mainframe/identity-access/top-secret).
* [Top Secret](https://www.broadcom.com/products/mainframe/identity-access/top-secret).

An authentication token is used as proof of valid authentication. The authorization checks, however, are always performed by the z/OS security manager.

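Review bot: the changed `Top Secret` line is identical on both sides of the diff as rendered (`* [Top Secret](https://www.broadcom.com/products/mainframe/identity-access/top-secret).`), so this hunk is a whitespace-only or line-ending change with no link fix in it. If it is trailing-whitespace cleanup it is harmless but unrelated to the "link fixes" message; if it is an accidental CRLF/LF or encoding flip from the editor it should be dropped, since the commit should not carry invisible edits.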
@@ -14,7 +14,7 @@ Choose from the following use cases:

* The API ML can check for the authorization of the user on certain endpoints. Access to a SAF resource is checked via an External Security Manager (ESM).

See the section [SAF Resource Checking](#saf-resource-checking).
See the article [SAF Resource Checking](./configuration-saf-resource-checking.md).

## Hide service information

@@ -10,4 +10,4 @@ Use the following procedure to enable personal access tokens.
2. Find or add the property with the value `components.gateway.apiml.security.personalAccessToken.enabled: true`.
3. Restart Zowe.

For more information about using personal access tokens, see [Authenticating with a Personal Access Token](./authenticating-with-personal-access-token).
For more information about using personal access tokens, see [Authenticating with a Personal Access Token](./authenticating-with-personal-access-token.md).
18 changes: 9 additions & 9 deletions docs/user-guide/api-mediation/configuration-routing.md
@@ -7,32 +7,32 @@ The Zowe API Mediation Layer offers a range of routing configurations for enhanc

You can customize your configuration for how API ML manages both northbound and southbound load limits in single instances, including changing the number of concurrent connections per route passing through the API Gateway, and changing the global Gateway timeout value for the API ML instance.

To change the number of concurrent connections per route passing through the API Gateway, see [Customizing connection limits](./configuration-connection-limits).
To change the number of concurrent connections per route passing through the API Gateway, see [Customizing connection limits](./configuration-connection-limits.md).

To change the global Gateway timeout value for the API ML instance, see [Customizing Gateway timeouts](./configuration-gateway-timeouts).
To change the global Gateway timeout value for the API ML instance, see [Customizing Gateway timeouts](./configuration-gateway-timeouts.md).

Also see the following properties in API Gateway configuration parameters:
* `server.maxTotalConnections`
* `server.maxConnectionsPerRoute`

Customizing CORS enables the Gateway to handle Cross-Origin Resource Sharing requests, while settings for encoded slashes and unique cookie names cater to specific operational needs of onboarding applications and multiple Zowe instances.

For more information, see [Customizing Cross-Origin Resource Sharing (CORS)](./configuration-cors)
For more information, see [Customizing Cross-Origin Resource Sharing (CORS)](./configuration-cors.md)

To onboard applications which expose endpoints that expect encoded slashes, see [Using encoded slashes](./configuration-url-handling)
To onboard applications which expose endpoints that expect encoded slashes, see [Using encoded slashes](./configuration-url-handling.md)

The Gateway retry policy, customizable through zowe.yaml, optimizes request handling, which can be especially useful in high availability scenarios.

To customize the Gateway retry policy, see [Customizing Gateway retry policy](./configuration-gateway-retry-policy).
To customize the Gateway retry policy, see [Customizing Gateway retry policy](./configuration-gateway-retry-policy.md).

Additionally, API ML supports specific instance access and load balancer cache distribution, improving service identification and scalability. These configurations, including service ID adjustments for compatibility with Zowe v2, demonstrate Zowe's adaptability and robustness in API management.

To configure a unique cookie name for each instance to prevent overwriting of the default cookie name in the case of multiple Zowe instances, or for more complex deployment strategies, see [Configuring a unique cookie name for a specific API ML instance](./configuration-unique-cookie-name-for-multiple-zowe-instances).
To configure a unique cookie name for each instance to prevent overwriting of the default cookie name in the case of multiple Zowe instances, or for more complex deployment strategies, see [Configuring a unique cookie name for a specific API ML instance](./configuration-unique-cookie-name-for-multiple-zowe-instances.md).

To determine which service instance is being called, you can customize the Gateway to output a routed instance header. For more information, see [Retrieving a specific service within your environment](./configuration-access-specific-instance-of-service).
To determine which service instance is being called, you can customize the Gateway to output a routed instance header. For more information, see [Retrieving a specific service within your environment](./configuration-access-specific-instance-of-service.md).

To distribute the load balancer cache between instances of the API Gateway, see [Distributing the load balancer cache](./configuration-distributed-load-balancer-cache).
To distribute the load balancer cache between instances of the API Gateway, see [Distributing the load balancer cache](./configuration-distributed-load-balancer-cache.md).

To modify the service ID to ensure compatibility of services that use a non-conformant organization prefix with Zowe v2, see [Setting a consistent service ID](./configuration-set-consistent-service-id).
To modify the service ID to ensure compatibility of services that use a non-conformant organization prefix with Zowe v2, see [Setting a consistent service ID](./configuration-set-consistent-service-id.md).


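Review bot: the rewritten CORS and encoded-slashes lines (`... (CORS)](./configuration-cors.md)` and `... [Using encoded slashes](./configuration-url-handling.md)`) still end without a period, while every other "see ..." sentence in this hunk ends with one; since those lines are being edited anyway, add the terminating period. Separately, the block from "You can customize your configuration for how API ML manages both northbound and southbound load limits" through `server.maxConnectionsPerRoute` repeats, almost word for word, the load-limits list fixed earlier in this same commit; two copies of the same text with the same links will drift apart on the next fix, so consider keeping one and linking to it from the other.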
@@ -7,12 +7,12 @@ As a system programmer or system administrator, you can customize the way API ML

* One method to minimize the frequency of re-entering credentials is via Gateway client certificate authentication, whereby you can use a client certificate as the method of authentication for the API Mediation Layer Gateway.

For more information, see [Enabling single sign on for clients via client certificate configuration](./configuration-client-certificates).
For more information, see [Enabling single sign on for clients via client certificate configuration](./configuration-client-certificates.md)

* Another method to minimize the frequency of entering credentials is to use API Mediation Layer to generate, validate, and invalidate a Personal Access Token (PAT). This method enables access to tools such as VCS without having to use credentials of a specific person. The use of PAT does not require storing mainframe credentials as part of the automation configuration on a server during application development on z/OS.

For more information, see [Enabling single sign on for clients via personal access token configuration](./configuration-personal-access-token).
For more information, see [Enabling single sign on for clients via personal access token configuration](./configuration-personal-access-token.md).

* Minimizing re-entering user credentials can also be performed via the JWT token refresh endpoint. Enabling the refresh endpoint allows you to exchange a valid JWT token for a new token with a new expiration date.

For more information, see [Enabling single sign on for clients via JWT token configuration](./configuration-jwt).
For more information, see [Enabling single sign on for clients via JWT token configuration](./configuration-jwt.md).

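Review bot: the first rewritten line, `... (./configuration-client-certificates.md)`, dropped the sentence-ending period that the removed line had (`...configuration-client-certificates).`), while the personal access token and JWT bullets below keep theirs; restore the period so the three bullets stay consistent.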