In VMware Cloud Foundation (VCF) environments, the NSX Manager user interface (UI) displays a JSON payload error instead of a standard login redirect after being left dormant.

Symptoms:

• The UI displays "Access Denied ERROR CODE 403" with the message "You are no longer authenticated. Please login again".

• After approximately 60 seconds, the browser redirects to a raw JSON payload containing a redirectUrl pointing to the VMware Cloud Foundation SSO (OIDC) logout endpoint.

• Example JSON observed: {"redirectUrl":"https://<REDACTED_FQDN>/acs/t/CUSTOMER/openid/logout?..."}

• VMware Cloud Foundation 9.0

• NSX-T / NSX Manager

The issue is caused by a metadata key mismatch in the OpenID Connect (OIDC) token refresh flow within the reverse proxy configuration.

This issue is resolved in VMware Cloud Foundation 9.1.

Workaround:

1. Log out and re-authenticate manually if the session has been idle for extended periods (approaching the default 30-minute Access Token TTL).

2. If the JSON error payload is displayed, manually navigate back to the NSX Manager FQDN or the login page to initiate a new authentication session.

3. Subscribe to this knowledge article to receive updates regarding this issue.

• Contact Broadcom Support