Internal Server Error when logging into Service Broker
book
Article ID: 326093
calendar_today
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
When using embedded vRealize Orchestrator (vRO), logging in directly to vRO the following issues occur
User logs into Service Broker then attemptsto view catalog items and sees an error similar to
Internal Server Error [Error Reference ID: GUID] error
IPAM allocation fails with
Error: IP ALLOCATE failed: Failed to obtain auth credentials from /core/auth/credentials/0961b0e9-5d57-8c8c-9fbb33c4f7dc: {'content': b'ClientResponse has erroneous status code: 404 Not Found. WebClientServiceResponseException.ErrorDetails
vRO logins does not store the accessToken within the sessionService. vRO and vRA both store access tokens in the browser cookies with one and the same key: csp-auth-token. As a result, once a user logs in through vRO and switches to vRA or have vRA opened in a new tab, then vRA uses the accessToken which was generated by vRO login flow (taken from the cookies). That token is not stored within the session-service at all because vRO login flow does not call session-service.
The issue is most commonly found in the IPAM IP allocation logic when IPAM tries to access the token from the session-service. This also causes visibility problems in the case where the user is not a Cloud Admin when the user token is not stored in session-service DB and user groups cannot be retrieved.
Note: This issue can appear in other situations unrelated to IPAM integrations.
Resolution
This issue is resolved in VMware vRealize Automation 8.10.0 and above.
Workaround: The user should logout and close all open browser tabs then login directly to vRA using the following URL: https://vraFQDN
Additional Information
Impact/Risks: No changes are required after upgrading to vRA 8.10.0 and above.