Cleanup SSO configuration if VCF Identity Broker is down

Article ID: 393161


Products

VCF Operations

Issue/Introduction

Clean up the SSO configuration when the reset-sso functionality available in the UI cannot be used because VCF Identity Broker is down.

Environment

VCF Operations 9.0

Resolution

  1. Generate a token using the VCF Operations admin username and password

    Acquire a token from the VCF Operations API using the command below (replacing {{vcfops-ip}} and vcfops-password):

    curl --location 'https://{{vcfops-ip}}/suite-api/api/auth/token/acquire' \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/json' \
    --data '{    "username":"admin",    "password":"vcfops-password"}'


    The API response contains the token. Use this token in the next step.



  2. Clean up the SSO config with the API below

    To get the vidbResourceId, use the following curl command (replacing {{vcfops-ip}} and {{token}}):

    curl -k --location 'https://{{vcfops-ip}}/suite-api/internal/vidb/identityproviders' \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: vRealizeOpsToken {{token}}' \
    --header 'X-vRealizeOps-API-use-unsupported: true'


    In the command below, replace {{vcfops-ip}} and {{token}}, using the token acquired in step 1.

    Replace the #'s in the command below with the vidbResourceId.

    curl --insecure --location --request DELETE 'https://{{vcfops-ip}}/suite-api/internal/vidb/identityproviders?vidbResourceId=########-####-####-####-############&purgeSSOConfig=true' \
    --header 'Accept: application/json' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: vRealizeOpsToken {{token}}' \
    --header 'X-vRealizeOps-API-use-unsupported: true'



  3. NOTE: The following step applies only to an Embedded VCF Identity Broker setup running VCF Operations 9.0. For an External VCF Identity Broker appliance, or if you are running VCF Operations 9.0.1 or higher, this step is not required!

  • Download the attached shell script
  • Move the script to VCF Operations
  • SSH to VCF Operations as the root user
  • Update the permission to make the script executable with the following command:

    chmod +x cleanup_auth_sources.sh

  • Execute the script with the following command:

    ./cleanup_auth_sources.sh
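
The API calls in steps 1 and 2 can be wrapped so that the admin password is read from a prompt and passed to curl on stdin instead of being typed into the command line, and so that the DELETE is refused unless the vidbResourceId has the UUID shape. This is an added example, not part of the article or its attached script; the function names are hypothetical, and the acquire response is assumed to carry the token in a "token" field.

```shell
# Added example; not part of the KB article or its attached script.
set -eu

# True only for the 8-4-4-4-12 hex shape the article masks with #'s.
is_uuid() {
  [ "${#1}" -eq 36 ] && printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Login body for step 1; escapes \ and " only (control characters are not handled).
auth_body() {
  printf '{"username":"admin","password":"%s"}' \
    "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# Assumption: the acquire response carries the token as "token":"...".
extract_token() {
  sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Step 2 DELETE URL; refuses anything that is not a UUID before it reaches curl.
delete_url() {
  is_uuid "$2" || { echo "refusing: '$2' is not a vidbResourceId" >&2; return 1; }
  printf 'https://%s/suite-api/internal/vidb/identityproviders?vidbResourceId=%s&purgeSSOConfig=true' "$1" "$2"
}

# Internal-API call with the headers (and -k) the article uses.
vidb_call() {
  curl -sS -k --location "$@" --header 'Accept: application/json' \
    --header 'Content-Type: application/json' --header "Authorization: vRealizeOpsToken $token" \
    --header 'X-vRealizeOps-API-use-unsupported: true'
}

main() {  # usage: script HOST [VIDB_RESOURCE_ID]
  printf 'admin password: ' >&2
  stty -echo; IFS= read -r pw; stty echo; echo >&2
  # --data @- takes the body from stdin, keeping the password out of argv and history
  token=$(auth_body "$pw" | curl -sS --location \
    "https://$1/suite-api/api/auth/token/acquire" --header 'Accept: application/json' \
    --header 'Content-Type: application/json' --data @- | extract_token)
  [ -n "$token" ] || { echo 'no token in response' >&2; return 1; }
  if [ "$#" -lt 2 ]; then  # no id given: list providers to read the id from
    vidb_call "https://$1/suite-api/internal/vidb/identityproviders"
  else
    url=$(delete_url "$1" "$2")
    vidb_call --request DELETE "$url"
  fi
}

if [ "$#" -ge 1 ]; then main "$@"; fi
```

Run it with only the host to list the identity providers, then again with the host and the vidbResourceId to perform the cleanup.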

Attachments

cleanup_auth_sources.sh