Unexpected OpenID Connect authentication prompt in NSX after enabling Trust on compute manager
Article ID: 433662
Updated On:
Products
Issue/Introduction
NSX prompts for OpenID authentication unexpectedly during user login. This disrupts standard login workflows in environments utilizing vLCM clusters where compute manager trust has been recently enabled
An unfamiliar OpenID Connect entry is present in the NSX System Administration Authentication Providers tab
Environment
VMware NSX 4.2.x
VMware vCenter Server
VCF 5.1 - 5.2
Cause
The OpenID Connect configuration in NSX is a system-generated federation between NSX and vCenter, created automatically when compute manager trust is enabled to support vLCM operations. The login interruption occurs because the overarching Single Sign-On (SSO) integration has not been fully completed within SDDC Manager.
Resolution
Configure OIDC between the vCenter Server and the external Identity Provider (IdP) to complete the overarching SSO federation in SDDC manager.
If an external IdP is not intended for use, remove the OpenID Connect from NSX manager by deleting it from Authentication Provider tab.
Feedback
