404 OK banner after configuring VMware Aria Orchestrator with vSphere Authentication with a default tenant other than vsphere.local

Article ID: 314885


Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • 404 OK Red banner error after configuring Aria Orchestrator with vSphere Authentication with a default tenant other than vsphere.local
  • The /var/log/services-logs/prelude/vco-app/file-logs/vco-server-app.log logfile contains a Failed to create IdP configuration error similar to:
2023-11-13T19:12:03.255Z ERROR vco [host='vco-app-85ff4698c4-9kt77' thread='http-nio-8280-exec-5' user='-' org='-' trace='-'] {} com.vmware.o11n.web.SameTenantContextFilter - Could not retrieve IDP configuration for tenant '<DomainName>' java.lang.IllegalStateException: Failed to create IdP configuration for tenant <DomainName>

Caused by: org.springframework.web.client.HttpClientErrorException$BadRequest: 400


Environment

VMware Aria Automation Orchestrator 8.x

Cause

The default tenant in the VMware Aria Orchestrator authentication configuration must match what is configured as the System Domain in vSphere SSO. By default this is vsphere.local, but it is possible to configure a custom System Domain.

Note: Setting the domain as the "Default" is not the same as setting a custom System Domain in vSphere SSO.

Resolution

  • To resolve the issue, enter the correct vSphere SSO System Domain as the default tenant when configuring Aria Orchestrator with vSphere Authentication.

  1. Validate the vSphere SSO System Domain by logging in to the vSphere client and navigating to Administration -> Single Sign On -> Configuration -> Identity provider -> Identity Sources.
  2. Log in to the control center interface as the root user:
     https://<OrchestratorFQDN>/vco-controlcenter
  3. Navigate to Configure Authentication provider.
  4. Enter the System Domain from step 1 in the default tenant field (vsphere.local in the example above) and save the changes.
     Note: Changing the authentication provider settings initiates a restart of the Orchestrator services, so it may take a few minutes before the client is available again. The status of the restart can be monitored in the control center under the Validate Configuration section.
  5. If the problem persists, unregister the authentication provider and attempt steps 1-4 again.
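
The check below is an added example, not part of the original article and not VMware tooling. It pulls the tenant names out of the "Could not retrieve IDP configuration" errors in vco-server-app.log and compares them with the System Domain validated in step 1. The function names, the tenant corp.example and the sample log lines are constructed for illustration, and the case-insensitive comparison is an assumption.

```shell
#!/bin/sh
# Added example, not VMware tooling. Function names are hypothetical.

# Print each distinct tenant named in an IdP configuration error, lowercased
# (assumption: domain names are compared case-insensitively).
failed_idp_tenants() {
    sed -n "s/.*Could not retrieve IDP configuration for tenant '\([^']*\)'.*/\1/p" "$1" |
        tr 'A-Z' 'a-z' | sort -u
}

# Compare the failing tenants with the System Domain validated in step 1.
# Returns 0 when the log has no IdP errors, 1 when a failing tenant differs
# from the System Domain (the cause in this article), 2 when the only failing
# tenant is the System Domain itself (look for a different cause).
check_default_tenant() {
    system_domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    result=0
    for tenant in $(failed_idp_tenants "$1"); do
        if [ "$tenant" != "$system_domain" ]; then
            echo "default tenant '$tenant' is not the System Domain '$system_domain'"
            result=1
        elif [ "$result" -eq 0 ]; then
            result=2
        fi
    done
    return "$result"
}

# Constructed sample modelled on the log line in this article; the tenant
# Corp.Example and the host name are made up.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2023-11-13T19:12:03.255Z ERROR vco [host='vco-app-0' thread='http-nio-8280-exec-5' user='-' org='-' trace='-'] {} com.vmware.o11n.web.SameTenantContextFilter - Could not retrieve IDP configuration for tenant 'Corp.Example' java.lang.IllegalStateException: Failed to create IdP configuration for tenant Corp.Example
Caused by: org.springframework.web.client.HttpClientErrorException$BadRequest: 400
2023-11-13T19:12:09.101Z INFO vco [host='vco-app-0' thread='main' user='-' org='-' trace='-'] {} constructed unrelated line
EOF

check_default_tenant "$SAMPLE_LOG" vsphere.local || echo "exit status: $?"
```

On the appliance, pass /var/log/services-logs/prelude/vco-app/file-logs/vco-server-app.log as the first argument and the System Domain from step 1 as the second.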