ZAC 4.2.0 does not resolve routers in policies and shows empty Terminators columns

frustrada1234 · May 26, 2026, 7:25am

Hi OpenZiti team,

We are having an issue with ZAC after upgrading.

Environment:

OpenZiti controller: openziti/ziti-controller:2.0.0
OpenZiti router: openziti/ziti-router:2.0.0
ZAC: openziti/zac:latest, currently showing version 4.2.0
Deployment: Docker Compose

Everything works correctly from the CLI.

For example, if I create or update a service edge router policy from the CLI, the command works correctly:

ziti edge update service-edge-router-policy <policy-id> \
  --name <service-edge-router-policy-name> \
  --edge-router-roles '@<edge-router-name>' \
  --service-roles '#<service-role>' \
  --semantic AnyOf

Then, when I list the policy from CLI, it is shown correctly:

<service-edge-router-policy-name>
SERVICE ROLES: #<service-role>
EDGE ROUTER ROLES: @<edge-router-name>

However, when I open the same policy in the ZAC web interface and check the JSON view, it appears with @undefined:

{
  "name": "<service-edge-router-policy-name>",
  "appData": "",
  "edgeRouterRoles": [
    "@undefined"
  ],
  "serviceRoles": [
    "#<service-role>"
  ],
  "semantic": "AnyOf",
  "tags": {}
}

So the policy works correctly from CLI and is listed correctly from CLI, but ZAC displays it incorrectly in the web JSON view.

The same behavior also happens with Edge Router Policies: CLI lists the correct router and identity roles, but the ZAC JSON view shows @undefined.

In addition, from the ZAC web interface, the routers do not appear correctly in the selector when creating or editing these policies. Even if I manually type the router name, ZAC does not detect it as an existing router, although the router is correctly registered and listed from the CLI. Because of this, I can only assign the router correctly using the CLI.

We also see an issue in the Terminators page. ZAC loads the table and pagination, and the Created At column is populated, but the rest of the columns appear empty:

Address
Router Name
Router ID
Service Name
Service ID

From CLI, terminators list correctly.

So the OpenZiti configuration seems to be working correctly. The issue appears to be only in ZAC 4.2.0 web UI: it displays @undefined in the JSON view for router policies and service edge router policies, does not detect existing routers in the policy selectors, and the Terminators page shows empty columns even though CLI output is correct.

Is this a known issue with ZAC 4.2.0 and OpenZiti controller 2.0.0?

Is there a recommended ZAC version for OpenZiti 2.0.0, or should we downgrade to another ZAC version?

Thanks.

frustrada1234 · May 26, 2026, 9:39am

The issue has just appeared again while creating a new service from ZAC. The router was created, registered, and online, and it appeared correctly from the CLI. However, when creating a new service from the web interface, the router did not appear in the selector when selecting the host router. Even when typing the name manually, ZAC did not detect it as existing. Because of that, I had to create/associate the service through the CLI. After that, policy-advisor showed the service as correctly configured.

Topic		Replies	Views
ZAC issue- not loading Support	7	48	April 28, 2025
Issues regarding Management API over Ziti cli Ziti Overlay	8	48	July 6, 2024
Why does the dashboard show two routers?	4	148	September 3, 2023
Issues after going dark + upgrade General Questions	17	397	October 21, 2023
Want to know more about Ziti concepts General Questions	3	660	May 1, 2022

ZAC 4.2.0 does not resolve routers in policies and shows empty Terminators columns

Related topics