When generating an authentication token for VMware Aria Operations (formerly vRealize Operations) using the vIDM authentication source via the REST API, the operation fails with the following error:

"We apologize. You are not authorized for the request"

curl -k https://<hostname>/suite-api/api/auth/token/acquire \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-X POST \
-d '{
  "username": "vIDM_Username@vIDM_DOMAIN@vIDM_AUTHENTICATION_SOURCE_NAME_IN_vROPS",
  "password": "<vIDM_user_password>"
}'

This issue occurs when executing the following API call.

URL / Method

POST: https://<Hostname_or_IP>/suite-api/api/auth/token/acquire

Note: Ensure that you replace <Hostname_or_IP> with the actual hostname or IP address of your VMware Aria Operations instance.

Headers

Content-Type: application/json
Accept: application/json

Body Payload:

{
"username" : "vIDM_Username@vIDM_DOMAIN@vIDM_AUTHENTICATION_SOURCE_NAME_IN_vROPS", (e.g: [email protected]@vIDM)
"password" : "The password above must be of vIDM user (the one user enters to login to vIDM server)"
}

Sample Response:

{
  "token": "xxxxxxxxxxx",
  "validity": xxxxxxxx,
  "expiresAt": "xxxxxx",
  "roles": []
}

Aria Operations 8.18.x

The user specified in the API request does not exist in VMware Identity Manager (vIDM) or is not properly configured.

1. Verify that the user exists in VMware Identity Manager (vIDM).

2. Ensure the user is properly configured and mapped for vIDM authentication.

3. If the user is missing, add the user in vIDM.

4. Retry generating the token using the same API call.

The username must follow the format:
vIDM_Username@vIDM_DOMAIN@vIDM_AUTHENTICATION_SOURCE_NAME_IN_vROPS
(Example: [email protected]@vIDM)

The password must be the one used to log in to the vIDM server.