V3 API Mediation Layer related cleanup (#3777)
* Fix information in Overview.

Signed-off-by: Jakub Balhar <[email protected]>

* Update image in Zowe Architecture

Signed-off-by: Jakub Balhar <[email protected]>

* Remove invalid statements from requirements

Signed-off-by: Jakub Balhar <[email protected]>

* Update User Roadmap for V3.

Signed-off-by: Jakub Balhar <[email protected]>

* Update caching service backend details

Signed-off-by: Jakub Balhar <[email protected]>

* Add information about current year Zowe webinars

Signed-off-by: Jakub Balhar <[email protected]>

* Reflect only valid methods from client side

Signed-off-by: Jakub Balhar <[email protected]>

* Clean security overview

Signed-off-by: Jakub Balhar <[email protected]>

* Fixed used code language

Signed-off-by: Jakub Balhar <[email protected]>

* Correct requirements for Contributing

Signed-off-by: Jakub Balhar <[email protected]>

* Remove unused parts.

Signed-off-by: Jakub Balhar <[email protected]>

* Add Infinispan properties

Signed-off-by: Jakub Balhar <[email protected]>

* Remove unused file

Signed-off-by: Jakub Balhar <[email protected]>

* Correct path

Signed-off-by: Jakub Balhar <[email protected]>

* Add OIDC related properties

Signed-off-by: Jakub Balhar <[email protected]>

* Add information about deprecation of VSAM

Signed-off-by: Jakub Balhar <[email protected]>

* Remove invalid option

Signed-off-by: Jakub Balhar <[email protected]>

* Remove unused article

Signed-off-by: Jakub Balhar <[email protected]>

* Remove unused article

Signed-off-by: Jakub Balhar <[email protected]>

* Remove wrong URLs

Signed-off-by: Jakub Balhar <[email protected]>

* Remove unused page

Signed-off-by: Jakub Balhar <[email protected]>

* Clearly state Infinispan as recommended backend and VSAM as Deprecated

Signed-off-by: Jakub Balhar <[email protected]>

* Clean API ML overview.

Signed-off-by: Jakub Balhar <[email protected]>

* Remove note of pre-req APAR

Signed-off-by: Jakub Balhar <[email protected]>

* Personal Access Tokens improvements for V3

Signed-off-by: Jakub Balhar <[email protected]>

* Update AT-TLS for V3

Signed-off-by: Jakub Balhar <[email protected]>

* Update Client Certificates details

Signed-off-by: Jakub Balhar <[email protected]>

* Add zaas to the java heap sizes
Remove properties mentioned in linked article

Signed-off-by: Jakub Balhar <[email protected]>

* Correct property using environment notation.

Signed-off-by: Jakub Balhar <[email protected]>

* Fix typo

Signed-off-by: Jakub Balhar <[email protected]>

* Remove V2 mentions

Signed-off-by: Jakub Balhar <[email protected]>

* Show configuration for zowe.yaml

Signed-off-by: Jakub Balhar <[email protected]>

* Remove mention of Jobs and Datasets

Signed-off-by: Jakub Balhar <[email protected]>

* Clarify the usage of the expired password.

Signed-off-by: Jakub Balhar <[email protected]>

* Update Client certificate for V3

Signed-off-by: Jakub Balhar <[email protected]>

* Proper default service id

Signed-off-by: Jakub Balhar <[email protected]>

* Fix errors in additional yaml configuration

Signed-off-by: Jakub Balhar <[email protected]>

* Correct admonitions
Correct abbreviations

Signed-off-by: Jakub Balhar <[email protected]>

* Use learn instead of discover

Signed-off-by: Jakub Balhar <[email protected]>

* Improve confusing message

Signed-off-by: Jakub Balhar <[email protected]>

* Use docusaurus admonition

Signed-off-by: Jakub Balhar <[email protected]>

* Update docs/user-guide/api-mediation/api-mediation-caching-service.md

Co-authored-by: Timothy Johnson <[email protected]>
Signed-off-by: Jakub Balhar <[email protected]>

* DCO Remediation Commit for Jakub Balhar <[email protected]>

I, Jakub Balhar <[email protected]>, hereby add my Signed-off-by to this commit: a999fda

Signed-off-by: Jakub Balhar <[email protected]>

---------

Signed-off-by: Jakub Balhar <[email protected]>
Signed-off-by: Jakub Balhar <[email protected]>
Co-authored-by: Timothy Johnson <[email protected]>
balhar-jakub and t1m0thyj authored Jul 24, 2024
1 parent cf901e8 commit f39ac4b
Showing 46 changed files with 164 additions and 1,151 deletions.
46 changes: 44 additions & 2 deletions docs/appendix/zowe-yaml-configuration.md
Expand Up @@ -442,13 +442,43 @@ These configurations can be used under the `components.gateway` section:
- **`apiml.security.authorization.endpoint.url`**
Defines the URL to the authorization endpoint. This endpoint tells Gateway if a user has a particular permission on SAF profile. For example, permission to the `APIML.SERVICES` profile of `ZOWE` class.
- **`apiml.security.ssl.verifySslCertificatesOfServices`**
Defines whether APIML should verify certificates of services in strict mode. Setting to `true` will enable the `strict` mode where APIML will validate if the certificate is trusted in turststore, and also if the certificate Common Name or Subject Alternate Name (SAN) matches the service hostname.
Defines whether APIML should verify certificates of services in strict mode. Setting to `true` will enable the `strict` mode where APIML will validate if the certificate is trusted in truststore, and also if the certificate Common Name or Subject Alternate Name (SAN) matches the service hostname.
- **`apiml.security.ssl.nonStrictVerifySslCertificatesOfServices`**
Defines whether APIML should verify certificates of services in non-strict mode. Setting the value to `true` will enable the `non-strict` mode where APIML will validate if the certificate is trusted in turststore, but ignore the certificate Common Name or Subject Alternate Name (SAN) check. Zowe will ignore this configuration when strict mode is enabled with `apiml.security.ssl.verifySslCertificatesOfServices`.
Defines whether APIML should verify certificates of services in non-strict mode. Setting the value to `true` will enable the `non-strict` mode where APIML will validate if the certificate is trusted in truststore, but ignore the certificate Common Name or Subject Alternate Name (SAN) check. Zowe will ignore this configuration when strict mode is enabled with `apiml.security.ssl.verifySslCertificatesOfServices`.
- **`apiml.server.maxConnectionsPerRoute`**
Specifies the maximum connections for each service.
- **`apiml.server.maxTotalConnections`**
Specifies the total connections for all services registered under API Mediation Layer.
- **`apiml.security.oidc.enabled`**
Specifies the global feature toggle. Set the value to `true` to enable OIDC authentication functionality.
- **`apiml.security.oidc.registry`**
Specifies the SAF registry used to group the identities recognized as having an OIDC identity mapping. The registry name is the string used during the creation of the mapping between the distributed and mainframe user identities. For more information, see the [ESM configuration](#esm-configuration).
- **`apiml.security.oidc.jwks.uri`**
Specifies the URI obtained from the authorization server's metadata where the Gateway will query for the JWK used to sign and verify the access tokens.
- **`apiml.security.oidc.jwks.refreshInternalHours`**
Specifies the frequency in hours to refresh the JWK keys from the OIDC provider. Defaults to one hour.
- **`apiml.security.oidc.identityMapperUser`**
(Optional) If the userId is different from the default Zowe runtime userId (`ZWESVUSR`), specify the `identityMapperUser` userId to configure API ML access to the external user identity mapper.
:::note
User authorization is required to use the `IRR.RUSERMAP` resource within the `FACILITY` class. The default value is `ZWESVUSR`. Permissions are set up during installation with the `ZWESECUR` JCL or workflow. To authenticate to the mapping API, a JWT is sent with the request. The token represents the user that is configured with this property.
:::
- **`apiml.security.oidc.identityMapperUrl`**
Defines the URL where the Gateway can query the mapping of the distributed user ID to the mainframe user ID.
This property informs the Gateway about the location of this API. ZSS is the default API provider in Zowe, but if you are using Zowe release 2.14 or a later version, we recommend you use the [API ML internal mapper](../../user-guide/authenticating-with-client-certificates.md#enabling-the-internal-api-ml-mapper). You can provide your own API to perform the mapping. In this case, it is necessary to customize this value.
The following URL is the default value for Zowe and ZSS:
```
https://${ZWE_haInstance_hostname}:${GATEWAY_PORT}/zss/api/v1/certificate/dn
```
#### Configure component discovery
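Review bot: the key `apiml.security.oidc.jwks.refreshInternalHours` is described as the frequency in hours to refresh the JWK keys, so `Internal` reads like a misspelling of `Interval`. Please confirm the documented name is exactly the key the Gateway reads, and if the spelling is intentional say so in the description, because a reader who "corrects" it will not get the refresh period they configured. In the `apiml.security.oidc.identityMapperUrl` entry, "Zowe release 2.14 or a later version" is a V2 reference in a V3 cleanup, and the only default shown is the ZSS URL even though the text recommends the API ML internal mapper; state which mapper applies by default in V3. The fence around the default URL has no language tag.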
Expand Down Expand Up @@ -512,6 +542,18 @@ These configurations can be used under the `components.caching-service` section:
Specifies eviction strategy to be used when the storage size is achieved.
- **`storage.vsam.name`**
Specifies the data set name of the caching service VSAM data set.
- **`storage.infinispan.initialHosts`**
This property specifies the list of cluster nodes (members). In case of multiple instances, the value for each Caching Service instance can be either a list of all the members, separated by a comma, or just the replica. The format is `${haInstance.hostname}[${zowe.components.caching-service.storage.infinispan.jgroups.port}]`.
- **`storage.infinispan.persistence.dataLocation`**
The path where the Soft-Index store keeps its data files for the Infinispan Soft-Index Cache Store.
The default value is `data`. If you run the Caching Service in Highly Available mode and the instances use the same filesystem, you have to specify a different value of the `CACHING_STORAGE_INFINISPAN_PERSISTENCE_DATALOCATION` property for each instance. For more information, see the [Soft-Index File Store](https://infinispan.org/blog/2014/10/31/soft-index-file-store).
- **`storage.infinispan.jgroups.port`**
The port number used by Infinispan to synchronise data among caching-service instances.
- **`storage.redis.masterNodeUri`**
Specifies the URI used to connect to the Redis master instance in the form `username:password@host:port`.
- **`storage.redis.timeout`**
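Review bot: in the `storage.infinispan.persistence.dataLocation` entry the per-instance override is named `CACHING_STORAGE_INFINISPAN_PERSISTENCE_DATALOCATION`, which is environment-variable notation inside a section that documents keys under `components.caching-service`. Name the zowe.yaml key here (or give both forms) so readers know where to set a distinct value for each instance sharing a filesystem. In `storage.infinispan.initialHosts`, "or just the replica" is ambiguous; say which instance's hostname and JGroups port it refers to. The `storage.vsam.name` context line carries no deprecation marker, although the commit message says VSAM is now stated as deprecated.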
2 changes: 1 addition & 1 deletion docs/contribute/contributing.md
Expand Up @@ -10,7 +10,7 @@ Before contributing a documentation change to the repository, you should be fami
* Slack: The Zowe Documentation team communicates using the Slack application. To learn about Slack, refer to the [Slack Help Center](https://slack.com/help). The Zowe team is part of the [Open Mainframe Project](https://openmainframeproject.slack.com) channel.
* Markdown Language: The Zowe documentation is written in Markdown language. To learn about Markdown, refer to [The Markdown Guide](https://www.markdownguide.org/).

In addition to being familiar with the Zowe community and how we work together, you will need to sign the CNCF Contributor License Agreement. The Contributor License Agreement defines the terms under which you contribute to Zowe documentation. Contributions to Zowe documentation are reviewed before being committed to the repository. Committing changes to the Zowe repository requires additional access rights. See https://github.com/zowe/community/blob/master/COMMITTERS.md. Also see Participating in Zowe Documentation for more details about roles and permissions.
Contributions to Zowe documentation are reviewed before being committed to the repository. Commits needs to have Developer Certificate of Origin (DCO). Committing changes to the Zowe repository requires additional access rights. See https://github.com/zowe/community/blob/master/COMMITTERS.md. Also see Participating in Zowe Documentation for more details about roles and permissions.

## Getting started checklist

8 changes: 6 additions & 2 deletions docs/contribute/guidelines-code/categories.md
Expand Up @@ -17,9 +17,13 @@ For each area of the codebase, there are established and favored programming lan
- **CLI** - Node.js, TypeScript
- **Desktop UI** - Node.js, JavaScript
- **APIs** - C, Assembler, Java, Spring
- **API Mediation Layer** - Java, Spring
- **API Mediation Layer** - Java, Spring, JavaScript

**Note:** JavaScript is not recommended and should be avoided in favor of Typescript to utilize typing.
:::note

JavaScript is not recommended and should be avoided in favor of Typescript to utilize typing.

:::

## Component-specific guidelines and tutorials
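Review bot: adding `JavaScript` to the **API Mediation Layer** language list conflicts with the note directly below it, which says JavaScript is not recommended and should be avoided. Either list TypeScript for API Mediation Layer, or scope the note so it is clear which areas it applies to. While converting the note to an admonition, `Typescript` should be spelled `TypeScript` to match the **CLI** entry above.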

21 changes: 0 additions & 21 deletions docs/extend/dynamic-static-registration-overview.md

This file was deleted.

192 changes: 0 additions & 192 deletions docs/extend/extend-api/ReactJSUI.md

This file was deleted.

3 changes: 0 additions & 3 deletions docs/extend/extend-api/api-intro.md

This file was deleted.
