An AD account failed to login to VCF 9.0.2 operations, 'Illegal base64 character' found in log files

Article ID: 431761


Products

VCF Operations

Issue/Introduction

  • When logging in to VCF Operations with SSO, after entering the domain user and password and clicking the "LOG IN" button, the session is logged out and the browser is redirected back to the login page.



  • When the login HTTP session is captured with the web browser's developer tools (with the "Preserve Logs" option selected), the 'getUserSettings' request returns HTTP 500.



  • There are non-English characters in the AD account attributes.

  • In /storage/log/vcops/log/product-ui/localhost.YYYY-MM-DD.log, there is an "Illegal base64 character" error like the one below:

    DD-MON-YYY hh:mm:ss  SEVERE [ajp-nio-127.0.0.1-####-exec-###] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [/vcf-operations] threw exception
    java.lang.IllegalArgumentException: Illegal base64 character ##

Environment

VCF Operations 9.0.2

Cause

This is caused by non-English characters in AD account attributes.

To confirm this cause, check /var/log/apache2/access_log and /var/log/httpd/access_log.

In the access log, an HTTP 500 response to a GET getUserSettings request is followed by 2 logout requests:

<client_IP> - - [DD/MON/YYYY:hh:mm:ss +0000] "GET /ui/vidbClient/vidb/?code=################################&state=################################%3D HTTP/2.0" 302 - "https://<VIDB_FQDN>/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
<client_IP> - - [DD/MON/YYYY:hh:mm:ss +0000] "GET /ui/index.action HTTP/2.0" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
<client_IP> - - [DD/MON/YYYY:hh:mm:ss +0000] "GET /vcf-operations/ui HTTP/2.0" 200 458 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
<client_IP> - - [DD/MON/YYYY:hh:mm:ss +0000] "GET /vcf-operations/getUserSettings HTTP/2.0" 500 455 "https://<VCF_Operations_FQDN>/vcf-operations/ui" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
<client_IP> - - [DD/MON/YYYY:hh:mm:ss +0000] "GET /vcf-operations/logout HTTP/2.0" 401 2 "https://<VCF_Operations_FQDN>/vcf-operations/ui" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
<client_IP> - - [DD/MON/YYYY:hh:mm:ss +0000] "GET /vcf-operations/logout HTTP/2.0" 200 28 "https://<VCF_Operations_FQDN>/vcf-operations/ui" "Mozilla/5.0 (Windows NT 10.0; Win64; 

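To check an access log for this sequence, the following added example (not Broadcom's code) reports each client whose getUserSettings request returned 500 and was then followed by 2 /vcf-operations/logout requests. The function names, the 10-request window and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report clients whose access-log entries match the sequence
# described above. WINDOW (how many later requests from the same client are
# inspected) is an assumption, not a value from the article.
find_login_loop() {
  awk -F'"' -v WINDOW=10 '
    {
      split($1, pre, " ");  ip = pre[1]        # client address
      split($2, req, " ");  path = req[2]      # request target
      split($3, post, " "); status = post[1]   # HTTP status code
      sub(/\?.*/, "", path)                    # ignore any query string

      if (path == "/vcf-operations/getUserSettings" && status == "500") {
        armed[ip] = FNR; logouts[ip] = 0; left[ip] = WINDOW
        next
      }
      if (!(ip in armed)) next
      if (path == "/vcf-operations/logout") logouts[ip]++
      if (logouts[ip] == 2) {
        print ip, armed[ip]                    # client, line number of the 500
        delete armed[ip]
      } else {
        left[ip]--
        if (left[ip] == 0) delete armed[ip]    # window expired, no match
      }
    }' "$@"
}

# Constructed sample lines (documentation addresses, shortened user agent).
sample_access_log() {
  cat <<'EOF'
192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /vcf-operations/ui HTTP/2.0" 200 458 "-" "UA"
198.51.100.7 - - [01/Jan/2026:10:00:01 +0000] "GET /vcf-operations/getUserSettings HTTP/2.0" 200 912 "-" "UA"
192.0.2.10 - - [01/Jan/2026:10:00:01 +0000] "GET /vcf-operations/getUserSettings HTTP/2.0" 500 455 "-" "UA"
192.0.2.10 - - [01/Jan/2026:10:00:02 +0000] "GET /vcf-operations/logout HTTP/2.0" 401 2 "-" "UA"
198.51.100.7 - - [01/Jan/2026:10:00:02 +0000] "GET /vcf-operations/logout HTTP/2.0" 200 28 "-" "UA"
192.0.2.10 - - [01/Jan/2026:10:00:02 +0000] "GET /vcf-operations/logout HTTP/2.0" 200 28 "-" "UA"
192.0.2.55 - - [01/Jan/2026:10:00:03 +0000] "GET /vcf-operations/getUserSettings HTTP/2.0" 500 455 "-" "UA"
192.0.2.55 - - [01/Jan/2026:10:00:04 +0000] "GET /vcf-operations/logout HTTP/2.0" 200 28 "-" "UA"
EOF
}

sample_access_log | find_login_loop   # prints: 192.0.2.10 3
```

Against a real log, pass the file path as the argument, for example `find_login_loop /var/log/apache2/access_log`; each output line is the client address and the line number of the failing getUserSettings request.
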
Resolution

The Broadcom engineering team is aware of this issue, and a code fix is included in VCF 9.1.0.

For VCF 9.0.x, the workaround is:

    Remove all non-English characters from AD account attributes.