"Invalid Username and Password" when trying to login to Embedded Harbor registry
search cancel

"Invalid Username and Password" when trying to login to Embedded Harbor registry

book

Article ID: 345294

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
* User returned "Invalid Username and Password" when trying to login to Harbor registry
* The harbor core pod logs the following:
YYYY-MM-DDTHH:MM.SSSZ [ERROR] [/pkg/authproxy/http.go:50]: fail to POST auth request, Post https://##.##.##.##/wcp/tokenreview: http2: server sent GOAWAY and closed the connection; LastStreamID=1, ErrCode=ENHANCE_YOUR_CALM, debug=
YYYY-MM-DDTHH:MM.SSS [1;44m[D][0m [server.go:2774] | ##.##.##.##|[97;42m 200 [0m| 5.561496ms| match|[97;44m GET [0m /api/health r:/api/health
YYYY-MM-DDTHH:MM.SSSZ[ERROR] [/core/controllers/base.go:109]: Error occurred in UserLogin: Failed to authenticate user, due to error 'failed to do token review, error: Post https://##.##.##.##/wcp/tokenreview: http2: server sent GOAWAY and closed the connection; LastStreamID=1, ErrCode=ENHANCE_YOUR_CALM, debug=

Environment

VMware vCenter Server 7.0.x

Resolution

VMware Engineering is aware of the issue and  planned to be fixed soon. 

Workaround:
The workaround is to either use SSO user or use an AD user  who is not part of large number of groups

Additional Information

Impact/Risks:
The login issue is due to the size of the token being large. The increase in token size is proportional to the number of groups the user is part of.

Powered by Wolken Software