Users and Group and Catalog tab were blank and sometime shows message - 'User is not authorized to perform the task'
Article ID: 377574
Updated On:
Products
Issue/Introduction
When logged in to the VIP for vIDM the 'Users and Group' and 'Catalog' tab were blank and sometime shows " User is not authorized to perform the task" . The Developers Tools Network console shows 403 (Forbidden)
Environment
A clustered 3 vIDM Nodes with VIP configured behind the Load Balancer .
Cause
The configuration on Load Balancer were not correctly configured.Check the configuration for the Workspace ONE Access (vIDM) with the Load Balancer in used.
- F5 Load Balancing VMware Identity Manager https://www.f5.com/pdf/solution-center/f5-big-ip-vmware-workspaceone-integration-guide.pdf
- For Load Balancing Workspace ONE Access with NSX Advanced Load Balancer https://avinetworks.com/docs/latest/load-balancing-ws1-access-with-nsx-alb/
Updated version - Load Balancing Workspace ONE Access with NSX Advanced Load Balancer https://docs.vmware.com/en/VMware-NSX-Advanced-Load-Balancer/30.1/Configuration-Guide/GUID-CD3F10D2-4F0D-4C36-ADE1-80A64B35D7A4.html
Resolution
To isolate the issue with the configuration on the Load Balancer try logging into individual vIDM nodes using the URL ' https://vidm_node_FQDN/SAAS/login/0 ' and confirm that the Users and Groups and Catalog were working and also confirm that the Developers tool Network console doesn't show error 403 (Forbidden) .
As part if the troubleshooting process please compare the packet capture of the non working with the vIDM VIP where we get 403 and the working URL with individual vIDM node.
Please configure the Load Balancer configuration for vIDM per the configuration guide.
Note: Verify the required settings on the NSX ALB side - Check the NSX ALB settings for "httponly_enabled after disabling the "http-only cookie" the issue is resolved .
Additional Information
Feedback
