AD users see ""Failed to poll domain info: The header content contains invalid characters"" after logging into SDDC Manager UI
search cancel

AD users see ""Failed to poll domain info: The header content contains invalid characters"" after logging into SDDC Manager UI

book

Article ID: 317068

calendar_today

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

Symptoms:

When logging into the SDDC Manager with an AD user which has either a special character or space in their username or AD Group, the UI reports the following error message:

"Failed to poll domain info: The header content contains invalid characters"


Environment

VMware Cloud Foundation 3.5.x
VMware Cloud Foundation 3.7.x
VMware Cloud Foundation 2.x
VMware Cloud Foundation 3.0.x

Resolution

This is a know issue affecting VMware Cloud Foundation. There is currently no resolution.


Workaround:

To workaround this issue, complete the following steps to encode the user/group name.
  1.  SSH to SDDC Manager VM and log in with the vcf user. 
  2. Change to the root user by typing  su.
  3. Type the following command to edit  the gatewayService.js file.
vi /opt/vmware/vcf/sddc-manager-ui-app/server/src/services/gatewayService.js
  1. Add the following entry in line number 11:
const encodeUrl = require('encodeurl');
  1. Modify the following line to reflect the encodeUrl(upn) change in line 110:
proxyReqOpts.headers['USER-INFO'] = upn;

to

proxyReqOpts.headers['USER-INFO'] = encodeUrl(upn);
  1.  Modify the following line to reflect the encodeUrl(upn) change in line 113:
proxyReqOpts.headers['GROUP-INFO'] = _.join(group, ',');

to

proxyReqOpts.headers['GROUP-INFO'] = _.join(encodeUrl(group), ',');
  1. Press the ESCAPE button on the keyboard and type :wq to save the file.
  2. Type the following command to edit the util.js file:
vi /opt/vmware/vcf/sddc-manager-ui-app/server/src/services/util.js
  1. Add the following entry in line number 19:
const encodeUrl = require('encodeurl');
  1.  Modify the below line to reflect the encodeUrl change in line 185:
headers['USER-INFO'] = session.passport.user.upn;
                
to

headers['USER-INFO'] = encodeUrl(session.passport.user.upn);
  1. Modify the following line to reflect the encodeUrl change in line 188:
headers['GROUP-INFO'] = _.join(session.passport.user.group, ',');

to

headers['GROUP-INFO'] = _.join(encodeUrl(session.passport.user.group), ',');
  1. Press the ESCAPE button on the keyboard and type :wq to save the file.
  2. Restart sddc-manager-ui-app service to reload the changes
systemctl restart sddc-manager-ui-app
  1. At this point, confirm that the AD user can login successfully and the error is no longer reported


Powered by Wolken Software