Hi Wendell,
I apologize that you are having trouble saving the credentials. The
steps you are taking are not intended. It should be a lot easier to use. When
the panel runs, it should be starting by using the current RACF Userid to find
the home directory, and look for the ~/gdk/providers/ directory. All files in
there that end with .json should be displayed. (If you are on 2.5, it will only
show 9 entries. On z/OS 3.1 we expanded that to 18.) It sounds like the REXX
and C code is not finding the AZURE.json provider file in your home directory,
or even in the /usr/lpp/dfsms/gdk/providers/ directory. Previously, I've seen
strange behavior for one user that was pasting the Azure secret key, and for
some reason, the wrap of the text was adding a blank character, resulting in
the credentials not being able to be used.
In OA65990, I added the functionality for GDKUTIL to save credentials
via the CREDENTIALS(ADD) command. It allows you to put the credentials into a
file or data set, and tell GDKUTIL to save the credentials it reads from the
file. I put an example in the DFSMSdfp Utilities manual (example 9)
https://www.ibm.com/docs/en/zos/3.2.0?topic=examples-example-9-new-default-credentials-cloud1-provider
Sincerely,
Andrew Wilt
DFSMSdfp CDA (Cloud Data Access) Product Owner
IBM Z Content Solutions | IBM z/OS Cloud Data Access
z/OS DFSMS Community
-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of
Wendell Lovewell
Sent: Friday, February 20, 2026 8:06 AM
To: [email protected]
Subject: [EXTERNAL] Re: Help configuring GDKUTIL on system with no crypto
processor
Hi Vince.
I've been struggling with this same issue, except I'm using Azure.
I was able to get the ~/gdk/config.json file generated by editing the ISPF
panels called when you start EX 'SYS1.SAXREXEC(GDKAUTHP)'
I had to (as best I can tell) hard-code 'AZURE' as the value for &GDKPROV in
the CLIST code, and GDKPROV in the REXX code.
I ended up changing the initial panel SYS1.DFQPLIB(GDKAUTHP) for it to display
AZURE as an option to select and to display as the "Provider".
(Fwiw, it appears I might have gotten this to work by copying my modified
AZURE.json file into /usr/lpp/dfsms/gdk/providers.)
For Azure, the next panel is SYS1.DFQPLIB(GDKAUAZ). I had to make similar
changes to it.
Azure uses an 88-byte key, which was difficult to enter into a dark field.
When I got the 117 errors, it seemed I'd entered the key incorrectly. I ended
up hard-coding it into the GDKAUAZ panel too.
I do think there are issues IBM should resolve here, but they said I didn't
have support & wouldn't help.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
