I have an error on the log file as below. Has anyone encountered this error before?
[Tue Mar 07 13:25:18.073928 2023] [cgi:error] [pid 67979:tid 0000002B] [client 10.144.103.116:61957] ZSRV_MSG0108: Header from script is not valid. Bad header is Verified OK: File name is /QSYS.LIB/T0R3REST.LIB/R3R303MAIN.PGM
My script on httpd.conf is
ScriptAlias /env/QA/system/DSPJWT /QSYS.LIB/T0R3REST.LIB/R3R303MAIN.PGM
<Directory /QSYS.LIB/T0R3REST.LIB>
setenv QIBM_CGI_LIBRARY_LIST "QTEMP;T0R3REST;YAJL;QGPL"
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
SetEnv RSA_PUBLIC_KEY /home/A363323/keys/rs256.pub
Options +ExecCGI
order allow,deny
allow from all
</Directory>
I am trying to test OAUTH authentication for REST API via POSTMAN.
HTTPD.CONF Error on Script
Re: HTTPD.CONF Error on Script
This seems to indicate that the problem seems to be with the headers being set by the program in its response to the inbound request. Since you haven't shown any of the program logic it is hard to say what might be wrong.
Re: HTTPD.CONF Error on Script
Thanks for the reply Jon.
I figured it out. It having a stdout when validating using openSSL.
openSSLCommand = '/QOpenSys/usr/bin/openssl dgst ' +
'-verify ' + %trim(publicKeyPath) + ' ' +
'-keyform PEM -sha' + %subst(JWT.header.alg:3:3) +
' ' +
'-signature ' + %trim(signatureFileName) + ' ' +
'-binary ' + %trim(payloadFileName) + ' ' +
'>/dev/null 2>&1'; that do the fix
I figured it out. It having a stdout when validating using openSSL.
openSSLCommand = '/QOpenSys/usr/bin/openssl dgst ' +
'-verify ' + %trim(publicKeyPath) + ' ' +
'-keyform PEM -sha' + %subst(JWT.header.alg:3:3) +
' ' +
'-signature ' + %trim(signatureFileName) + ' ' +
'-binary ' + %trim(payloadFileName) + ' ' +
'>/dev/null 2>&1'; that do the fix