Logging into the management portal with the SSO login option fails on the Cloud Director Availability appliances
Article ID: 315163
Updated On:
Products
VMware Cloud Director
Issue/Introduction
Symptoms:
- Logging into the Cloud Director Availability appliances with the SSO login option fails when using an SSO or AD/LDAP user, and you see an error similar to:
An attempt is made to use an administrators-only authentication scheme by a non-administrator user.
- In /opt/vmware/h4/<cloud|manager|replicator|tunnel>/log/<cloud|manager|replicator|tunnel>.log on the Cloud Director Availability appliance you see similar messages:
2020-06-30 11:42:30.368 DEBUG - [UI-########-####-####-####-########02bb-Ym] [https-jsse-nio-8443-exec-11] c.v.h4.cloud.config.SecurityConfig$1 : Request is to process authentication
2020-06-30 11:42:30.597 INFO - [UI-########-####-####-####-########02bb-Ym] [https-jsse-nio-8443-exec-11] c.v.identity.token.impl.SamlTokenImpl : SAML token for SubjectNameId [[email protected], format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
2020-06-30 11:42:30.612 INFO - [UI-########-####-####-####-########02bb-Ym] [https-jsse-nio-8443-exec-11] c.v.v.s.c.impl.SecurityTokenServiceImpl : Successfully acquired token for user: [email protected]
2020-06-30 11:42:30.612 ERROR - [UI-########-####-####-####-########02bb-Ym] [https-jsse-nio-8443-exec-11] c.vmware.h4.cloud.security.SessionUtil : An attempt is made to use an administrators-only authentication scheme by a non-administrator user: [email protected]
2020-06-30 11:42:30.597 INFO - [UI-########-####-####-####-########02bb-Ym] [https-jsse-nio-8443-exec-11] c.v.identity.token.impl.SamlTokenImpl : SAML token for SubjectNameId [[email protected], format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
2020-06-30 11:42:30.612 INFO - [UI-########-####-####-####-########02bb-Ym] [https-jsse-nio-8443-exec-11] c.v.v.s.c.impl.SecurityTokenServiceImpl : Successfully acquired token for user: [email protected]
2020-06-30 11:42:30.612 ERROR - [UI-########-####-####-####-########02bb-Ym] [https-jsse-nio-8443-exec-11] c.vmware.h4.cloud.security.SessionUtil : An attempt is made to use an administrators-only authentication scheme by a non-administrator user: [email protected]
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware Cloud Director Availability 4.x
VMware vCloud Availability 3.0.x
VMware vCloud Availability 3.5.x
VMware vCloud Availability 3.0.x
VMware vCloud Availability 3.5.x
Cause
This issue occurs when the user account used to connect to the Cloud Director Availability appliances are not members of the vCenter Single Sign-On Administrators group.
Resolution
To resolve this issue, add the user to the default vCenter Single Sign-On Administrators group.
For more information, see the Add Members to a vCenter Single Sign-On Group section of the vSphere documentation.
For more information, see the Add Members to a vCenter Single Sign-On Group section of the vSphere documentation.
Additional Information
For more information on user permission requirements in Cloud Director Availability, see the Users roles rights and sessions section.
Feedback
Yes
No
Powered by
