Symptoms:
- vIDM is used to login to the NSX-T managers.
- You have recently upgraded to 3.2.2.
- After the upgrade, you are unable to login using a vIDM account and are presented with the following error:
"Unauthorized","error_code":98"
- If you then open a new tab, it may allow you to login.
- The following error may be seen in log: /var/log/proxy/reverse-proxy.log
2023-01-06T06:02:38.247Z INFO grpc-default-executor-124 HttpClientUtil 77154 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] Making request to http://127.0.0.1:6565/vidm-oauth2-login?error=access_denied&state=0VPoLq
2023-01-06T06:02:38.250Z INFO Processing request 76b27b59-8d98-####-####-########7a8 CustomOAuth2AuthorizationRequestRedirectFilter 77154 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] OAuth2AuthorizationRequestRedirectFilter will be bypassed
2023-01-06T06:02:38.502Z INFO grpc-default-executor-124 HttpClientUtil 77154 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] Request executed, response = HttpResponseProxy{HTTP/1.1 401 [Set-Cookie: JSESSIONID=FF10xxxxxxxx1238; Path=/; Secure; HttpOnly; SameSite=Strict, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Pragma: no-cache, Expires: 0, X-XSS-Protection: 1; mode=block, X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff, Content-Type: application/json;charset=UTF-8, Content-Length: 79, Date: Fri, 06 Jan 2023 06:02:38 GMT, Keep-Alive: timeout=60, Connection: keep-alive] ResponseEntityProxy{[Content-Type: application/json;charset=UTF-8,Content-Length: 79,Chunked: false]}}
Note: The above line is not always an indication you are encountering this issue, it may be due to other reasons.
<CookieProcessor sameSiteCookies="strict" />