After configuring radius authentication for VCO login, VCO UI login via radius authentication fails due to error "Cannot read property 'username' of null"

VMware SDWAN Orchestrator

On checking VCO portal logs, we found that VCO is unable to authenticate radius user since radius password doesn't follow the VCO password policy.

VCO password policy is configured in vco.operator.authentication.passwordPolicy and vco.enterprise.authentication.passwordPolicy system properties on VCO.

2024-06-27T02:11:27.606Z - error: [operatorLogin.171943917.107] [24127] radius authentication failed {"stdout":["Sent Access-Request Id 127 from 0.0.0.0:45126 to 63.221.245.159:1812 length 45\n\tUser-Name = \"rhyli\"\n\tUser-Password = \"*****\"\n\tCleartext-Password = \"*****\"\nReceived Access-Reject Id 127 from 63.221.245.159:1812 to 0.0.0.0:0 length 41\n\tReply-Message = \"Invalid credentials\"\n"],"stderr":["(0) -: Expected Access-Accept got Access-Reject\n"],"errors":[],"code":1,"signal":null,"attributes":{},"data":"Sent Access-Request Id 127 from 0.0.0.0:45126 to 63.221.245.159:1812 length 45\n\tUser-Name = \"rhyli\"\n\tUser-Password = \"*****\"\n\tCleartext-Password = \"*****\"\nReceived Access-Reject Id 127 from 63.221.245.159:1812 to 0.0.0.0:0 length 41\n\tReply-Message = \"Invalid credentials\"\n","errorStr":"(0) -: Expected Access-Accept got Access-Reject\n","message":"ACCESS_REJECT"}

2024-06-27T02:11:28.881Z - error: [operatorLogin.171944100.72] [25061] radius server error code=1

2024-06-27T15:27:35.899Z - error: [operatorLogin.171948768.36] [29320] error inserting operator user on radius authenticate Password does not meet defined strength policy
2024-07-02T06:49:27.709Z - error: [operatorLogin.171988267.53] [28124] error inserting operator user on radius authenticate Password does not meet defined strength policy
2024-07-02T06:49:57.258Z - error: [operatorLogin.171990156.44] [3300] error inserting operator user on radius authenticate Password does not meet defined strength policy
2024-07-02T06:54:32.745Z - error: [operatorLogin.171987219.117] [23954] error inserting operator user on radius authenticate Password does not meet defined strength policy

Change the radius user passwords configured in /etc/freeradius/3.0/users so that they comply with the configured enterprise password strength policy in VCO system properties vco.operator.authentication.passwordPolicy and vco.enterprise.authentication.passwordPolicy.

Change has to be done by logging into VCO CLI with root user and going to /etc/freeradius/3.0/users and edit this file.

While configuring radius authentication, we need to verify below always :-

1) Is the the domain field in the Radius configured same as enterprise name in VCO. If both are different, please make them same since VCO tries to map the domain field (from Radius response) with the enterprise name.

2) If above is fine, please check if radius user passwords configured in /etc/freeradius/3.0/users complies with the configured enterprise password strength policy in VCO system properties vco.operator.authentication.passwordPolicy and vco.enterprise.authentication.passwordPolicy.