already exists for tenant CUSTOMER
".Could not create indirect identity provider: Identity provider with ID ##-##-##-##-## and name <Identity Provider Type Name> already exists for tenant <tenant name>
Failed to delete usergroup directory with ID ##-##-##-##-## for tenant customer on host <vCenter FQDN>
To resolve this issue, delete the stale identity provider configurations by following the below steps:
curl -k --request POST --url https://vCenter_FQDN/rest/com/vmware/cis/session -u '[email protected]:<Admin Password>'
curl -k --location --request GET 'https://vCenter_FQDN/api/vcenter/identity/authbrokeridp' --header 'vmware-api-session-id: <SESSION ID>'
Note: Replace <SESSION ID>
with the id from Step 2
Sample Response:
{
"summary_list": [
{
"idp": "#####-####-####-####-#######", --------------> IDP UUID
"name": "Azure AD",
"tenant_type": "CUSTOMER",
"activation_state": "PRIMARY_ACTIVE",
"primary_broker_discovery_endpoint": "https://<fqdn>:443/acs/t/customer/.well-known/openid-configuration"
}
]
}
curl -k --request DELETE 'https://vCenter_FQDN/api/vcenter/identity/authbrokeridp/<IDP UUID>' --header 'vmware-api-session-id: <SESSION ID>'
<IDP UUID>
with the ID from Step 3 and <SESSION ID>
with the session id from Step 2.curl -k --location --request GET 'https://vCenter_FQDN/api/vcenter/identity/authbrokeridp' --header 'vmware-api-session-id: <SESSION ID>'
Note: Replace <SESSION ID>
with the id from Step 2
curl -k --request GET 'https://vCenter_FQDN/rest/vcenter/identity/providers' --header 'vmware-api-session-id: <SESSION ID>'
curl -k --request DELETE 'https://vCenter_FQDN/rest/vcenter/identity/providers/<Provider ID>' --header 'vmware-api-session-id: <SESSION ID>'
<Provider ID>
with the Provider ID returned by Step 7curl -k --request GET 'https://vCenter_FQDN/rest/vcenter/identity/providers' --header 'vmware-api-session-id: <SESSION ID>'
curl -k --location --request GET 'https://vCenter_FQDN/api/vcenter/identity/broker/tenants/CUSTOMER/admin-client' --header 'vmware-api-session-id: <SESSION ID>'
curl -kv --request GET 'https://vCenter_FQDN/usergroup/t/CUSTOMER/broker/directories' \ --header 'Authorization: Bearer <ACCESS TOKEN>' | jq
<ACCESS TOKEN>
using the token from Step 10.Sample Response:
{
"items": [
{
"_links": {},
"id": "<Directory ID>",
"name": "azure_dir",
"domains": [
"<domain name>"
],
"source": "AZURE",
"type": "PROVISIONED",
"delete_in_progress": false
}
],
"_links": {}
}
curl -kv --request DELETE 'https://vCenter_FQDN/usergroup/t/CUSTOMER/broker/directories/<Directory ID from Step 11>' \
--header 'Authorization: Bearer <ACCESS TOKEN>'
curl -kv --request GET 'https://vCenter_FQDN/usergroup/t/CUSTOMER/broker/directories' \
--header 'Authorization: Bearer <ACCESS TOKEN>' | jq
<ACCESS TOKEN>
using the token from Step 10.curl -kv --location --request GET 'https://vCenter_FQDN/federation/t/CUSTOMER/broker/identity-providers' \ --header 'Authorization: Bearer <Access Token>' | jq
Sample Response :
{
"items": [
{
"_links": {},
"id": "<Identity Provider ID>",
"idp_name": "Azure",
"idp_type": "OIDC",
"directory_ids": []
}
],
"_links": {}
}
curl -kv --location --request DELETE 'https://vCenter_FQDN/federation/t/CUSTOMER/broker/identity-providers/<Identity Provider ID from Step 14>' \ --header 'Authorization: Bearer <ACCESS TOKEN>'
curl -kv --location --request GET 'https://vCenter_FQDN/federation/t/CUSTOMER/broker/identity-providers' \ --header 'Authorization: Bearer <Access Token>' | jq