Unable to authenticate local user configadmin VMware Aria Automation with username and password 'configadmin'
search cancel

Unable to authenticate local user configadmin VMware Aria Automation with username and password 'configadmin'

book

Article ID: 370296

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

 

Conditions of issue:

  • The VMware Identity Manager local user, Default Configuration Admin was recently changed.
  • There are Aria Orchestrator workflows that use 'configadmin' as the credentials to authorize and generate API tokens.
  • Aria Suite LCM Content Management is used for product content endpoints.

 

 

Symptoms:

 

After applying a reset password operation on the local identity manager 'configadmin'  account per https://knowledge.broadcom.com/external/article/322712/resetting-vmware-identity-manager-defaul.html , there is behavior observed in three log file locations.

1. Identity Manager VA , path file /opt/vmware/horizon/workspace/logs/connector.log may contain 

"com.vmware.horizon.federationbroker.userpasswordvalidationservice - Unable to authenticate local user configadmin for tenant XXXXXX: error.invalidCredentials"

 

2. Aria Orchestrator VA , path file /services-logs/prelude/vco-app/file-logs/vco-server-app.log may contain 

"com.vmware.o11n.web.auth.http.VcoTokenAuthenticationProvider - Authentication failed for user: configadmin msg: Can not login in VMware Aria Automation with username and password"

 

3. Aria Automation VA, path file /services-logs/prelude/identity-service-app/file-logs/identity-service-app.log may contain 

"error": "invalid_grant"

"error_description": "Invalid username or password"

status code: 400 BAD_REQUEST

 



Environment

Aria Automation 8.x

Aria Orchestrator 8.x

Identity Manager 3.3.x

Aria Suite Lifecycle Manager 8.x

Cause

 

  • Inside Aria Suite LCM , when a product 'environment' is managed and installed using the  'default admin' or  'configadmin' account , the credentials are used for endpoint Content Management
  • These endpoints can no longer authenticate if the default config admin password is changed.
  • If you delete the endpoints , Aria Suite LCM identifies that its missing and it recreates it, locking out the 'configadmin'  for other Aria Products. 

Resolution

Verify and check all Content Endpoints inside Aria Suite LCM UI

For Example:

Content Management  > Endpoints > Edit Endpoint > Modify Credentials 

 

 

Additional Information

The information in this article can be observed after applying a reset password operation on the local identity manager 'configadmin'  account.

https://knowledge.broadcom.com/external/article/322712/resetting-vmware-identity-manager-defaul.html

Powered by Wolken Software