Login supervisor failed with "Error while getting list of workloads: invalid or missing credentials"
Article ID: 392949
Updated On: 04-02-2025
Products
VMware vSphere with Tanzu
Issue/Introduction
- vCenter Server configures with external IDP and user account from IDP has been configured permission to Supervisor.
- Authenticate the user account to Supervisor with '
kubectl vsphere login' failed:FATA[2025-03-21 14:42:22.600] Error while getting list of workloads: invalid or missing credentials
Environment
vSphere with Tanzu
Cause
Supervisor supports two authentication methods: vCenter Single Sign-On and an OIDC-compliant external identity provider. The 'kubectl vsphere login' uses the method of vCenter Single Sign-On. The user account can not be from external identity provider. For more information see About Identity and Access Management for TKG Service Clusters
Resolution
Authenticate user account from external IDP with Supervisor, need to configure the external IDP to Supervisor.
More information about the details is from Connecting to TKG Clusters on Supervisor Using an External Identity Provider
Additional Information
Supervisor supports the external IDP: Configure an External IDP for Use with TKG Service Clusters
| External IDP | Configuration |
| Okta | Example OIDC Configuration Using Okta See also Configure Okta as an OIDC provider for Pinniped |
| Workspace ONE | Configure Workspace ONE Access as an OIDC provider for Pinniped |
| Dex | Configure Dex as an OIDC provider for Pinniped |
| GitLab | Configure GitLab as an OIDC provider for Pinniped |
| Google OAuth | Using Google OAuth 2 |
Feedback
Yes
No
Powered by
