When fetching a user name from Okta OIDC in NSX Manager, the user name has the domain name appended twice
Article ID: 378298
Products
VMware NSX
Issue/Introduction
VMware NSX 4.0.x and 4.1.x
Okta OIDC is used for user authentication
When a User/User Group name is fetched in the NSX Manager UI (System -> System -> User Management -> User Role Assignment -> select ADD PRINCIPAL IDENTITY), the user appears in the format username@domain@domain
Environment
VMware NSX 4.x
Cause
Under some circumstances, Okta can be configured to return the entire AD UserPrincipalName (e.g. username@example.com) in the userName property returned in SCIM search results, and WorkspaceOne Broker returns these as well in its SCIM search results.
NSX unconditionally appends the domain to the userName, so this causes usernames like username@example.com@example.com to end up in role binding configurations on NSX.
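As an added illustration (not VMware's code, and not the fix shipped by VMware), the Python sketch below reproduces the unconditional append described above, shows a conditional append as one possible alternative, and audits a list of role-binding names for the doubled suffix. All function names and sample names are constructed for this example; exporting the role-binding names from NSX is assumed to have been done separately.

```python
def naive_principal(user_name: str, domain: str) -> str:
    """Unconditional append, as the Cause section describes."""
    return f"{user_name}@{domain}"


def build_principal(user_name: str, domain: str) -> str:
    """Assumed alternative: append only if userName is not already a UPN for this domain."""
    _, sep, suffix = user_name.rpartition("@")
    if sep and suffix.lower() == domain.lower():
        return user_name
    return f"{user_name}@{domain}"


def doubled_domain(name: str):
    """Return the name with one suffix removed if it ends in @d@d, else None."""
    parts = name.split("@")
    if len(parts) >= 3 and parts[0] and parts[-1].lower() == parts[-2].lower():
        return "@".join(parts[:-1])
    return None


def audit(names):
    """Map each affected role-binding name to its expected single-domain form."""
    findings = {}
    for name in names:
        fixed = doubled_domain(name)
        if fixed is not None:
            findings[name] = fixed
    return findings


# Constructed sample of role-binding principal names (not real NSX output).
SAMPLE = [
    "alice@example.com@example.com",       # doubled suffix
    "bob@example.com",                     # normal
    "carol@corp.example.com@example.com",  # two different suffixes, not flagged
    "Dave@Example.com@example.com",        # doubled, differing only in case
]

if __name__ == "__main__":
    for bad, good in audit(SAMPLE).items():
        print(f"{bad} -> expected {good}")
```

Any name the audit flags is a role binding whose principal does not match the identity the IdP actually asserts, so review those bindings after upgrading.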
Resolution
This issue is resolved in VMware NSX 4.2.0 and higher.