When trying to execute a workflow via the Orchestrator plugin in Cloud Director you observe errors similar to
Within the Cloud Director log file /opt/vmware/vcloud-director/logs/vcloud-container-debug.log you observe errors similar to:
2024-10-01 15:53:24,380 | ERROR | pool-jetty-129610 | SoapBindingImpl | SOAP fault | requestId=<request-id>,request=GET https://cloud.example.com/cloudapi/workflows/forms/urn:vcloud:serviceItem:<service-item-id>/evaluationContext,requestTime=1727790804132,remoteAddress=<remote-ip>:41183,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...,accept=*;version 38.1
com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Signature is invalid. Please see the server log to find more detail regarding exact cause of the failure.
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:193)
2024-10-01 15:53:24,382 | WARN | pool-jetty-129610 | VroServiceImpl | Unable to secure connection to VRO server vrovip.example.com using VC <vc-id> | requestId=<request-id>,request=GET https://cloud.example.com/cloudapi/workflows/forms/urn:vcloud:serviceItem:<service-item-id>/evaluationContext,requestTime=1727790804132,remoteAddress=<remote-ip>:41183,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...,accept=*;version 38.1
com.vmware.vcloud.vro.client.exception.VroSsoAuthenticationException: Error obtaining hok token
at com.vmware.vcloud.vro.client.connection.VroSsoAuthenticationManager.getHoKTokenFromSecurityTokenService(VroSsoAuthenticationManager.java:208)
at com.vmware.vcloud.vro.client.connection.VroSsoAuthenticationManager.fetchHoKToken(VroSsoAuthenticationManager.java:166)
at com.vmware.vcloud.vro.client.connection.VroSsoAuthenticationManager.regenerateAuthentication(VroSsoAuthenticationManager.java:150)
at com.vmware.vcloud.vro.client.connection.VroSsoAuthenticationManager.lambda$getSsoAuthentication$0(VroSsoAuthenticationManager.java:140)
at java.base/java.util.concurrent.atomic.AtomicReference.accumulateAndGet(AtomicReference.java:263)
Caused by: com.vmware.vim.sso.client.exception.AuthenticationFailedException: Request signature is not valid. Check if the confirmation certificate matches the given private key.
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:1140
Cloud Director 10.x
This issue occurs when the VRO plugin is unable to authenticate successfully to the VRO server using the user account set in the Service Management page of Cloud Director. As Cloud Director attempts to acquire an authentication token with the stored username and password it fails.
To resolve this matter:
1) Login to the Cloud Director provider portal as a system administrator
2) Navigate to "Libraries -> Service Management".
3) Review the VRO registration details and identify which user account has been used to authenticate to VRO.
4) Edit the VRO connection point and type the user password again to ensure it's set correctly. Save and then test if the matter is resolved.
5) If issues persist, create a new user account which can be used for the VRO registration. Replace the old account with this new account in the VRO registration page .