After editing the usercatalog scope, the admin permission is missing and authentication fails in VMware Identity Manager
Article ID: 416584

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • When editing the scope for "usercatalog-<vidm>-<uuid>" in Remote App Access under Catalog > Settings and clicking "Save", the admin permission is removed.
  • The following error appears when AD users try to access vIDM:
    "Request Failed. Please contact your IT administrator"
  • Local users are not affected.

Environment

VMware Identity Manager (vIDM) 3.3.7

Resolution

To resolve the issue, re-add the admin permission in the DB using the commands below:

  1. SSH to the vIDM primary node appliance as the root user.

  2. Copy the DB password:
    cat /usr/local/horizon/conf/db.pwd

  3. Access the DB:
    psql -U postgres saas

  4. Run the commands below to find and update the "usercatalog" record in the DB:
    SELECT * FROM "OAuth2Client" WHERE "clientId" = 'usercatalog-<vidm>-<uuid>';

    UPDATE "OAuth2Client" SET "scope"='user admin' WHERE "clientId" = 'usercatalog-<vidm>-<uuid>';

    • NOTE: The usercatalog-<vidm>-<uuid> (Client ID) is copied from the Remote App Access page.

  5. Finally, restart the horizon service:
    service horizon-workspace restart
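
A guarded form of step 4, added here as an example and not part of the original article: it saves the client's current scope to a file first and applies the update only if exactly one row matches the Client ID. The backup path `/root/usercatalog_scope_before.csv` is an assumption; the table, columns and scope value are the ones used in the steps above.

```sql
-- Run inside the psql session opened in step 3 (psql -U postgres saas).
-- Replace usercatalog-<vidm>-<uuid> with the Client ID from the Remote App Access page.

-- 1. Save the current value so the change can be reverted.
--    Only the two columns named in the article are exported.
--    The output path is an assumption; \copy must stay on a single line.
\copy (SELECT "clientId", "scope" FROM "OAuth2Client" WHERE "clientId" = 'usercatalog-<vidm>-<uuid>') TO '/root/usercatalog_scope_before.csv' WITH (FORMAT csv, HEADER)

-- 2. Apply the update. If the WHERE clause matches zero rows (mistyped
--    Client ID) or more than one, the exception aborts the DO statement
--    and PostgreSQL rolls the UPDATE back.
DO $$
DECLARE
    changed integer;
BEGIN
    UPDATE "OAuth2Client"
       SET "scope" = 'user admin'
     WHERE "clientId" = 'usercatalog-<vidm>-<uuid>';

    GET DIAGNOSTICS changed = ROW_COUNT;

    IF changed <> 1 THEN
        RAISE EXCEPTION 'expected to update 1 row, updated %; nothing was changed', changed;
    END IF;
END
$$;

-- 3. Confirm the stored scope before restarting the service.
SELECT "clientId", "scope"
  FROM "OAuth2Client"
 WHERE "clientId" = 'usercatalog-<vidm>-<uuid>';
```

The service restart in step 5 is still required after the update succeeds.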