HTTP Status 400 Error upon trying to configure vCenter FQDN in the SAML SSO while setting up VCF Operation 9.0
Article ID: 411570
Products
VCF Operations
Issue/Introduction
In VCF Operations 9.0, when setting up SAML SSO, if the vCenter FQDN is mistakenly entered as the authentication source, the Test Connection may report success, but users are then unable to log in to the VCF Operations web UI.
Environment
VCF Operations 9.0
Cause
Because the vCenter FQDN was entered as the authentication source during SAML SSO setup (VCF Operations > Authentication Sources), authentication requests are redirected to the vCenter server, which blocks valid user logins.
Resolution
There is no resolution; ideally VCF 9.0 should be redeployed. However, the following workaround can be applied.
Workaround:
1. Log in to the API Console.
   Access the VCF Operations API console in a browser and authenticate with admin credentials.
2. List the configured authentication sources.
   Execute the API below and identify the incorrect SAML entry (the one whose URL points to the vCenter):
   GET /api/auth/sources
3. Delete the incorrect SAML entry.
   Execute the API below with the sourceId of the faulty entry. When prompted, provide the username and password that were configured during the initial SAML setup:
   DELETE /api/auth/sources/{sourceId}
4. Validate the authentication source.
   Once the incorrect entry is deleted, the VCF Operations web UI stops redirecting to vCenter and you can log in to the UI with admin credentials.
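The workaround above, scripted as an added example (not Broadcom's own tooling): it calls the two endpoints named in the steps, selects only SAML sources whose URL host is exactly the vCenter FQDN, and deletes them by sourceId, defaulting to a dry run. Assumptions, labelled in the code: the JSON shape of the GET response (field names such as sourceId, sourceType and idpUrl), basic-auth access, and the constructed SAMPLE_SOURCES data.

```python
import base64
import json
import urllib.request
from urllib.parse import urlparse

# Constructed sample of what GET /api/auth/sources might return (field names assumed).
SAMPLE_SOURCES = [
    {"sourceId": "src-1", "sourceType": "SAML", "idpUrl": "https://vc01.corp.example/ui/login"},
    {"sourceId": "src-2", "sourceType": "SAML", "idpUrl": "https://idp.corp.example/sso/metadata"},
    {"sourceId": "src-3", "sourceType": "LOCAL"},
]


def find_vcenter_saml_sources(sources, vcenter_fqdn):
    """Return sourceIds of SAML sources whose URL host equals the vCenter FQDN.
    Exact host comparison (not substring) so a genuine IdP is never selected."""
    hits = []
    for src in sources:
        if str(src.get("sourceType", "")).upper() != "SAML":
            continue
        # Assumed field names for the IdP/metadata URL; adjust to the real body.
        url = src.get("idpUrl") or src.get("metadataUrl") or src.get("url") or ""
        host = (urlparse(url).hostname or "").lower()
        if host == vcenter_fqdn.lower():
            hits.append(src["sourceId"])
    return hits


def _call(base_url, method, path, user, password):
    """Basic-auth request to the VCF Operations API (auth scheme assumed)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + token, "Accept": "application/json"}
    req = urllib.request.Request(base_url + path, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
        return json.loads(body) if body else None


def remove_vcenter_saml_sources(base_url, user, password, vcenter_fqdn, dry_run=True):
    """GET the sources, select the misconfigured SAML entries, DELETE each by sourceId.
    dry_run=True only reports what would be removed; returns the selected sourceIds."""
    sources = _call(base_url, "GET", "/api/auth/sources", user, password)
    if isinstance(sources, dict):  # assumed: the list may be wrapped in an object
        sources = sources.get("sources", [])
    bad = find_vcenter_saml_sources(sources, vcenter_fqdn)
    for source_id in bad:
        if dry_run:
            print(f"would DELETE /api/auth/sources/{source_id}")
        else:
            _call(base_url, "DELETE", f"/api/auth/sources/{source_id}", user, password)
    return bad
```

Run with dry_run=True first and confirm that only the vCenter-pointing entry is listed before repeating with dry_run=False.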
Additional Information
Always validate the correct Identity Provider (IdP) URL during SAML SSO setup.
Avoid using vCenter URLs as authentication sources in VCF Operations.
Before saving changes, ensure the Test Connection target is the intended IdP and not vCenter.