VMware Identity Manager - Getting unexpected error when trying to access the config page and/or unable to authenticate domain users through VIDM


Article ID: 336784


Products

VMware Aria Suite

Issue/Introduction

Fix the Appliance Configurator page loading issue in vIDM on port 8443.
Fix the VIDM login issue for domain users.


Symptoms:

1. VMware Identity Manager is not working correctly: accessing the Configurator page returns an unexpected error, or the page loads only partially with a red line in the middle.

2. Domain users are unable to authenticate through VIDM and get the below error: 
HttpClient received 403 response while trying to get metadata


 

Environment

VMware Identity Manager 3.3.x

Resolution

The conf folder and the files under it should be owned by the horizon user.

The conf folder can be located at /opt/vmware/certproxy/conf

Permissions for the conf folder can be validated using the command:
ls -l /opt/vmware/certproxy/

Output:

dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 bin
drwxr----- 2 horizon www 4096 Jan 22 2021 conf
dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 lib


Permissions for the files inside the conf folder can be validated using the command:
ls -l /opt/vmware/certproxy/conf/

Output: 

-rw-r----- 1 horizon www 184 Jan 22 2021 cert-proxy-ehcache.xml
-rw-r----- 1 horizon www 1592 Jan 22 2021 cert-proxy-log4j.properties
-rw-r----- 1 horizon www 1506 Jan 22 2021 cert-proxy.properties
-rw-r----- 1 horizon www 1506 Jan 22 2021 cert-proxy.properties.bk
-r-------- 1 horizon www 611 Jan 22 2021 idm_fips.security

 


Workaround:

Ensure you have a snapshot of the vIDM appliance before proceeding.

If the files are owned by the sshuser or root user, as shown in the listing below, the ownership needs to be re-assigned to the horizon user.

dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 bin
drwxr----- 2 sshuser www 4096 Jan 22 2021 conf
dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 lib


To correct the ownership of the conf folder and files in it, run the below commands: 

chown horizon:www /opt/vmware/certproxy/conf 
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy-ehcache.xml
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy-log4j.properties
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy.properties
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy.properties.bk
chown horizon:www /opt/vmware/certproxy/conf/idm_fips.security
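
To confirm that the folder matches the known-good listing, both before and after running the chown commands, the following read-only check compares each entry's owner, group and mode with the expected output shown under Resolution. It is an added example, not part of the original article or of any VMware tooling; the function names and the script name audit_conf.sh are hypothetical, and it assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example: read-only audit of the cert-proxy conf folder against the
# known-good listing in this article. Assumes GNU coreutils `stat -c`.

# Expected file modes, taken from the article's good `ls -l` output.
expected_mode() {
    case "$1" in
        idm_fips.security) echo 400 ;;   # -r--------
        *)                 echo 640 ;;   # -rw-r-----
    esac
}

# audit_conf DIR [OWNER:GROUP]
# Prints one line per deviation. Returns 0 if clean, 1 on any deviation,
# 2 if DIR does not exist.
audit_conf() {
    dir=$1
    want=${2:-horizon:www}
    bad=0
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue
        if [ "$path" = "$dir" ]; then
            want_mode=740                # drwxr----- on the conf folder
        else
            want_mode=$(expected_mode "$(basename "$path")")
        fi
        got=$(stat -c '%U:%G' "$path")
        got_mode=$(stat -c '%a' "$path")
        if [ "$got" != "$want" ]; then
            echo "OWNER $path: $got (expected $want)"
            bad=1
        fi
        if [ "$got_mode" != "$want_mode" ]; then
            echo "MODE  $path: $got_mode (expected $want_mode)"
            bad=1
        fi
    done
    return "$bad"
}

# Run only when a directory is given, e.g.:
#   sh audit_conf.sh /opt/vmware/certproxy/conf
if [ "$#" -gt 0 ]; then
    audit_conf "$@"
    exit $?
fi
```

No output and exit status 0 mean every entry is owned by horizon:www with the modes from the good listing.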


 

 

Additional Information

Impact/Risks:

The Appliance configurator page (CFG) does not load, hence no operations related to the Appliance configurator can be performed.
EXAMPLE: https://idm-fqdn:8443/cfg
Domain users are unable to authenticate to various services such as vRA, vRLCM, etc. via VIDM.