"Unable to validate response against any IDP Status code response is 92000" error when logging in to vRA using domain accounts

Article ID: 317133

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • A directory in vRealize Automation that was previously functional can no longer sync to the domain.
  • Attempting to log in with a domain account to the tenant redirects to an error page that states:

    Error
    Identity Manager encountered an error. Contact your admin and provide the information displayed below.

    Message
    An unexpected error occurred. If this error persists, please contact your administrator.

    Error Code
    500

    Server
    127.0.0.1

     
  • In the connector.log file, you see entries similar to:

    2017-01-23 13:18:19,472 INFO (tomcat-http--47) [[email protected];-;10.250.112.24] com.vmware.horizon.directory.ldap.LdapDirectoryService - Password-based authentication: [email protected] - SUCCESS
    2017-01-23 13:18:19,472 INFO (tomcat-http--47) [[email protected];-;10.250.112.24] com.vmware.horizon.adapters.passwordAdapter.PasswordIdpAdapter - Login: vra - SUCCESS

     
  • In the horizon.log file, you see entries similar to:

    2017-01-23 13:18:19,821 ERROR (tomcat-http--27) [VSPHERE.LOCAL;-;10.250.112.24;] com.vmware.horizon.service.controller.BaseController - Caught exception.
    com.tricipher.saas.exception.MyOneLoginFederationException: Unable to validate response against any IDP Status code response is 92000.
    at com.tricipher.saas.action.api.impl.AuthenticationServiceImpl.validateFederation(AuthenticationServiceImpl.java:1685)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
    at com.sun.proxy.$Proxy290.validateFederation(Unknown Source)
    at com.vmware.horizon.service.controller.auth.LoginController.doFederationResponse(LoginController.java:1337)
 
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


Environment

VMware vRealize Automation 7.2.x
VMware vRealize Automation 7.6.x
VMware vRealize Automation 7.4.x
VMware vRealize Automation 7.5.x
VMware vRealize Automation 7.3.x
VMware vRealize Automation 7.1.x
VMware vRealize Automation 7.0.x

Cause

This issue occurs if the Identity Provider value specified in the directory does not match the identity provider in the connector configuration.
 
To confirm this:
 
  1. Log in to the vRealize Automation UI with a local administrator account and navigate to Administration > Directories.
  2. Open the directory that is failing and record the value listed for Identity Providers.
  3. Open an SSH session to the vRealize Automation appliance and log in using root credentials.
  4. Navigate to /usr/local/horizon/conf/states/<tenantID>/<connectorID>/config-state.json

    Note: Replace <tenantID> with the tenant name, <connectorID> with the connector ID number. If you have a simple installation with one VA and one connector, this ID is 3001.
     
  5. In the file, find the section labeled idp and check its nested name field. This should be the same name that you see in the UI.
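
The comparison in steps 4 and 5 can be scripted so that the exact strings are compared rather than read by eye. The following Python sketch is an added example, not VMware's code; it assumes only that the name sits somewhere beneath a key called idp, and the sample JSON layout and identity provider name are constructed.

```python
import json
import sys

# Constructed sample; the real config-state.json layout is assumed, not documented on this page.
SAMPLE = """
{
  "connectorId": "3001",
  "idp": {"entries": [{"name": "idp-for-corp.example", "enabled": true}]},
  "directory": {"name": "corp.example"}
}
"""

def idp_names(node, path="", under_idp=False):
    """Yield (json_path, value) for each string 'name' nested inside a section keyed 'idp'."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if under_idp and key == "name" and isinstance(value, str):
                yield here, value
            yield from idp_names(value, here, under_idp or key == "idp")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from idp_names(item, f"{path}[{index}]", under_idp)

def check_idp(config_text, ui_name):
    """Return (aligned, found): aligned is True only if ui_name equals an idp name exactly."""
    found = list(idp_names(json.loads(config_text)))
    aligned = any(value == ui_name for _, value in found)
    return aligned, found

if __name__ == "__main__":
    # Usage: script.py <path to config-state.json> "<Identity Providers value from the UI>"
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text, ui_name = handle.read(), sys.argv[2]
    else:
        text, ui_name = SAMPLE, "idp-for-corp.example"
    aligned, found = check_idp(text, ui_name)
    for where, value in found:
        print(f"{where}: {value!r}")
    print("aligned" if aligned else f"MISMATCH: UI shows {ui_name!r}")
    sys.exit(0 if aligned else 1)
```

The comparison is exact, so a difference in case or trailing whitespace is reported as a mismatch; the printed paths show where each candidate name was found.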
 

Resolution

To resolve this issue, recreate the directory. This deletes the incorrect identity provider in the connector's configuration and creates a new identity provider to coincide with the newly created directory.
 
  1. Take a backup or snapshot of the vRealize Automation appliance(s).
  2. Record the settings in the directory.
  3. In the vRealize Automation UI, go to Administration > Directories, select the directory and click Delete.
  4. Add a new directory using the settings recorded in step 2.


Additional Information

You may also run into this issue if you recently performed the actions in KB2145438.