Unable to log in to VCF Operations Orchestrator, which is integrated with VCF Automation as the authentication provider, after upgrading from 8.18.x to 9.0.x.
Article ID: 416894

Products

VCF Automation

Issue/Introduction

  • Login attempts to VCF Operations Orchestrator fail after upgrading from 8.18.x to 9.0.x.

  • The source Aria Automation Orchestrator 8.18.x was configured to use Aria Automation as the authentication provider.

  • /var/log/services-logs/prelude/tenant-manager-0/file-logs/vcloud-container-debug.log on VCF Automation contains entries similar to:

    [timestamp] | DEBUG    | pool-jetty-60             | RelyingPartyRepositoryProvider | Invalid client UUID supplied during OIDC auth flow | requestId=<UUID>,request=GET https://<VCF Automation host name>/oidc/oauth2/authorize,requestTime=<timestamp>,remoteAddress=<IP:port>,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...,accept=text/html application/xhtml+xml application/xml;q 0.9 image/avif image/webp image/apng */*;q 0.8 application/signed-exchange;...,Host=<vcsa host name>
    java.lang.IllegalArgumentException: UUID string too large
    [timestamp] | DEBUG    | pool-jetty-60             | LoggingSimpleUrlAuthenticationFailureHandler | IDP service authentication failure | requestId=<UUID>,request=GET https://<VCF Automation host name>/oidc/oauth2/authorize,requestTime=<timestamp>,remoteAddress=<IP:port>,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...,accept=text/html application/xhtml+xml application/xml;q 0.9 image/avif image/webp image/apng */*;q 0.8 application/signed-exchange;...,Host=<vcsa host name>
    org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException: OAuth 2.0 Parameter: client_id


  • /var/log/services-logs/prelude/tenant-manager-0/file-logs/access-log-<date>.log on VCF Automation shows the client_id in the format orchestrator-<UUID>:

    <IP> - - [timestamp] "GET /oidc/oauth2/authorize?response_type=code&scope=vcd_idp+phone+openid+profile+groups+email+tm_ui&state=...&client_id=orchestrator-########-####-####-####-############&redirect_uri=...

Environment

VCF Automation 9.0.x

VCF Operations Orchestrator 9.0.x

Cause

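VCF Automation 9.x expects the client_id to be a plain UUID, but Orchestrator sends it in the orchestrator-<UUID> format. The authorize request is therefore rejected with the "Invalid client UUID supplied during OIDC auth flow" error shown above.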
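
To check which client_id format is reaching VCF Automation, the following added example (not vendor code) extracts the client_id from each /oidc/oauth2/authorize request in an access log and classifies it. The verdict labels, the sample log lines and the reading of "plain UUID" as the canonical 8-4-4-4-12 hexadecimal form are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): classify client_id values in OIDC authorize requests.
# Verdict names OK / LEGACY_PREFIX / MALFORMED are hypothetical labels.

# Constructed sample access-log lines; the UUIDs and hosts are made up.
sample_access_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /oidc/oauth2/authorize?response_type=code&scope=openid&state=abc&client_id=orchestrator-11111111-2222-3333-4444-555555555555&redirect_uri=https%3A%2F%2Fvro.example.test%2Fcb HTTP/1.1" 302 0
192.0.2.11 - - [01/Jan/2025:10:05:00 +0000] "GET /oidc/oauth2/authorize?response_type=code&scope=openid&state=def&client_id=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee&redirect_uri=https%3A%2F%2Fvro.example.test%2Fcb HTTP/1.1" 302 0
192.0.2.12 - - [01/Jan/2025:10:06:00 +0000] "GET /login HTTP/1.1" 200 512
EOF
}

# Assumption: "plain UUID" means the canonical 8-4-4-4-12 hexadecimal form.
is_uuid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Reads access-log lines on stdin, prints "<verdict> <client_id>" once per distinct value.
classify_client_ids() {
  grep -F '/oidc/oauth2/authorize' |
    grep -oE '[?&]client_id=[^& "]*' |
    sed 's/^[?&]client_id=//' |
    sort -u |
    while IFS= read -r id; do
      case "$id" in
        orchestrator-*)
          if is_uuid "${id#orchestrator-}"; then echo "LEGACY_PREFIX $id"
          else echo "MALFORMED $id"; fi ;;
        *)
          if is_uuid "$id"; then echo "OK $id"
          else echo "MALFORMED $id"; fi ;;
      esac
    done
}

# Demo on the constructed sample. On the appliance, feed the real file instead:
#   classify_client_ids < /var/log/services-logs/prelude/tenant-manager-0/file-logs/access-log-<date>.log
sample_access_log | classify_client_ids
```

A LEGACY_PREFIX result matches the symptom described in this article. Given the cause stated above, authorize requests logged after the authentication provider is re-registered would be expected to classify as OK.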

Resolution

Re-register the authentication provider using the 'vracli vro authentication' commands.

For details on the vracli vro authentication command, please refer to:

Configuring the VCF Operations Orchestrator Authentication Provider