Login using SSO doesn't work with VCF Operations for Networks 9.0.1.0
search cancel

Login using SSO doesn't work with VCF Operations for Networks 9.0.1.0

book

Article ID: 421822

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

  • Login using SSO doesn't work with VCF Operations for Networks 9.0.1.0
  • VCF SSO login is configured in VCF 9.0.1.0
  • Error message on UI is 400 Bad Request when VCF SSO login is used

    Refer to below error screenshot:




  • Log from platform bundle at location /var/log/arkin/restapilayer/  shows below 

    Findings from Rest API Logs I see below related log entries 

2025-11-07T20:57:10.000413Z INFO restapilayer 60120 [netw@4413 class="common.utils.GCNotificationListener" thread="Notification Thread" method="handleNotification" line="44"] GC_DETAILS , ID=101831, GC_TYPE=end of minor GC, GC_NAME=PS Scavenge, DURATION(millis)=2, GC_CAUSE=Allocation Failure, GC_START_TIME(millsAfterJVMStart)=1398034042, GC_END_TIME(millsAfterJVMStart)=1398034044
2025-11-07T20:57:12.000576Z INFO restapilayer 60120 [netw@4413 class="sso.client.SsoClientImpl" thread="dw-102841 - GET /auth/sso/callback_code=######gtOGIyM#####yMjMtN2ZmYTA5#####41WkZDZmZNUTdNNnVCQ#######_state=######kcfAp0g90at6w9z4o-5T64q#####PQ_nonce=########B-0LnA4########cZGILqj6Xly########" method="exchangeCodeForToken" line="242"] Redirect URI: https://#######.######/api/auth/s
so/callback
2025-11-07T20:57:12.000580Z INFO restapilayer 60120 [netw@4413 class="sso.client.SsoClientImpl" thread="dw-102841 - GET /auth/sso/callback_code=########tOGIyMC00ZTVm########tN2ZmYTA5YTk3Z########DZmZNUTdNNnVCQW########_state=########PkcfAp0g########z4o-5T64q########_nonce=####_ybwxB-######GrN2cZGILqj6Xl#######" method="exchangeCodeForToken" line="250"] Token Endpoint :https://#######.######/acs/t/CUSTOME
R/token
Use is ##########@######.#####

Environment

  • VCF Operations for Networks 9.0.0
  • VCF Operations for Networks 9.0.1

Cause

This is a configuration issue and not a product issue.
The FQDN used with VCF SSO configurations shows for Load Balancer (AVI Networks) and not the VCF SSO appliance, which resulted in error 400 Bad Request.

Resolution


Modify the configuration of VCF SSO It should not point to FQDN for AVI Load Balance but VCF SSO Appliance.

To fix this issue use the correct configurations for VCF SSO as per the document available for VCF Configuration for VCF 9.0.1.0 is as below:

Option 1:
Configuration VCF SSO with Operations for Networks 

Option 2:
Configuration VCF SSO with VCF

Deploying VCF Identity Broker

Ensure the prerequisites mentioned in below documentation are met when using VCF SSO in Appliance Mode 

Points to Consider and Prerequisites while Configuring VCF Single Sign-On

 

Powered by Wolken Software