Getting "Security header validation failed, logging out" Error in vIDM When Adding Bookmarks


Article ID: 387340


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

In VMware Identity Manager 3.3.x, you may encounter a session termination when performing specific actions in the portal. When you attempt to add a bookmark, the following errors appear:

  • "Security header validation failed, logging out"

  • "Failed to update the bookmark status"

This issue occurs within the vIDM User Portal and results in an immediate logout of the user session.

Environment

 

  • Load Balancer: NSX ALB (AVI)

  • Identity Provider: VMware Identity Manager 3.3.x

  • Management: VMware Aria Suite Lifecycle 8.x

 

Cause

This issue is caused by restrictive SSL or security settings within the Load Balancer's Application Profile that interfere with how vIDM validates security headers during stateful actions like bookmarking.

Resolution

To resolve this issue, you must adjust the Application Profile settings on your NSX Advanced Load Balancer:

  1. Log in to your NSX ALB (AVI) console.

  2. Navigate to the Application Profile associated with your vIDM virtual service.

  3. Locate the SSL Configuration section.

  4. Disable HTTP-only: If the "HTTP-only" checkbox is enabled, uncheck it to disable the feature.

  5. Disable Web Application Firewall (WAF): Ensure the WAF policy is disabled for this specific profile to prevent it from blocking application-layer requests.

  6. Enable SSL Everywhere: Confirm that the "SSL Everywhere" setting is

 

Additional Information

The Web Application Firewall (WAF) is a security feature within the NSX Advanced Load Balancer (ALB) designed to protect web applications from common application-layer attacks; however, in this specific context, it may flag legitimate vIDM bookmarking traffic as a security risk.

There are three possible causes for this issue, all related to SSL:

Check the Application Profile in the SSL configuration screen:

1. If HTTP-only is enabled (checked) as shown in the above screen, disable it by unchecking it.

2. Disable the Web Application Firewall (WAF) if it is enabled. (WAF is a security feature within the NSX Advanced Load Balancer (ALB) that protects web applications from common application-layer attacks.)

3. Confirm that "SSL Everywhere" in the above screen is enabled.