Tanzu Mission Control Self-Managed is configured with the federated authenticationType, using ADFS with a multifactor authentication (MFA) login for users. The initial MFA login is successful, but after 3 minutes a 'token refresh' is pushed to ADFS and the user is logged out of the Tanzu Mission Control Self-Managed user interface. The Pinniped logs during the log-out report an error: 'Received invalid UserInfo request. Access token in request doesn't contain required scope claim with value 'openid'.'
ADFS is currently not compliant with the OAuth2RefreshToken spec.
Microsoft highly recommends migrating to Microsoft Entra ID.
This issue is being treated as a feature request, which will be released in a future version of TMC SM.