VMware Telco Cloud Service Assurance : Unable to add or modify role via API in TCSA UI
search cancel

VMware Telco Cloud Service Assurance : Unable to add or modify role via API in TCSA UI

book

Article ID: 345119

calendar_today

Updated On:

Products

VMware VMware Telco Cloud Service Assurance

Issue/Introduction

To highlight issue faced with role management when configuration for respective Clients is incorrect/disabled in TCSA KeyCloak Admin Console.


Symptoms:

Unable to add or edit roles via API in TCSA UI. UI session gets expired after clicking on add/edit role and redirects to TCSA login page. Issue with user group API failing/error "failed to process request, cause getRealmUserGroups : exception while reading user-groups from realm" is observed as well. 


Environment

VMware Telco Cloud Service Assurance 2.3

Cause

Required configuration for "Service Accounts Enabled" and "Realm Management" for Clients in KeyCloak Admin Console was not enabled/configured. 

Resolution

Users are recommended to verify below configurations in TCSA UI:

1. Ensure "Service Accounts Enabled" option is enabled (set to ON) for apiservice user. It is available in NGINX->Clients->apiservice->Apiservice->Settings tab in KeyCloak Admin Console. 

2. Open KeyCloak Admin Console, navigate to Clients tab->Service Account Roles->Service Account Roles->Client Roles, under Client Roles drop down, select "realm management" and add all "Available Roles" to "Assigned Roles" and "Effective Roles".

3. User should be successfully able to create or modify roles via API in TCSA UI now.


Additional Information

Impact/Risks:

Users are unable to add or modify roles in TCSA UI.