Aria Automation Login with Default VIDM admin account Fails with 403 Forbidden post re-deployment of VIDM with same Hostname and IP


Article ID: 434384


Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

The default vIDM administrator is unable to authenticate to the Aria Automation interface.

  • Error: 403, It appears that you don't have access.

Environment

Aria Automation 8.18.X
VIDM 3.3.7

 

Cause

A time zone mismatch exists between the Aria Automation cluster nodes: one of the nodes has a different time zone.

Resolution

Performing the steps below resolves the issue:

    Take a snapshot and make sure you have a good backup of Aria Automation.

  • Step 1:

    • Log in to any of the Aria Automation nodes via SSH as root.
    • Run command: vracli ntp status.
    • The affected node shows a different time zone.
    • Set the correct time zone on the affected node: timedatectl set-timezone UTC

      Note: Aria Automation nodes should use UTC as their time zone.
  • Step 2:

    • Retrieve the SHA256 thumbprint: echo | openssl s_client -connect <vIDM_FQDN>:443 2>/dev/null | openssl x509 -fingerprint -sha256 -noout | awk -F'=' '{print $2}' | tr -d ':' | awk '{print tolower($0)}'.
    • Verify this matches the thumbprint in the browser certificate details.
    • Re-register vIDM with the thumbprint: vracli vidm set https://<vIDM_FQDN> admin /tmp/pw.txt email -f <thumbprint>.
  • Step 3:

    • Run vracli vidm apply.
    • Run /opt/scripts/deploy.sh.
  • Step 4:

    • If the 403 error persists, execute: /opt/scripts/vidm_recovery.py --vidm-url-new https://<vIDM_FQDN> --same-hostname --vidm-admin admin --vra-configuration-admin <configadmin_user> --no-verify.
    • Run /opt/scripts/deploy.sh again.
  • Step 5:

    • Power cycle vIDM and then Aria Automation via Aria Suite Lifecycle.
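
The check in Step 2 can be scripted so that the value passed to -f is only used when the served certificate and the browser-verified thumbprint agree. This is an added example, not part of the original article or the product's tooling; the script name check_fp.sh and the function names are hypothetical, and it assumes openssl is available on the node as in Step 2.

```shell
#!/bin/sh
# Added example (not from the KB article): confirm the thumbprint served by
# vIDM equals the one read from the browser before using it with -f.

# Reduce a fingerprint to the form Step 2 produces: lowercase hex with no
# separators. Accepts openssl's "...Fingerprint=AA:BB:..." line or a bare value.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Succeeds only for exactly 64 hex characters (one SHA-256 digest).
is_sha256_hex() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Thumbprint of the certificate served on <host>:443, using the same openssl
# calls as Step 2. Prints nothing if the connection or parsing fails.
served_fp() {
    normalize_fp "$(echo | openssl s_client -connect "$1:443" 2>/dev/null |
        openssl x509 -fingerprint -sha256 -noout 2>/dev/null)"
}

# compare_fp <served> <expected>
# Prints the normalized thumbprint and returns 0 on a match, returns 1 on a
# mismatch, and 2 if either value is not a well-formed SHA-256 thumbprint.
compare_fp() {
    cf_served=$(normalize_fp "$1")
    cf_expected=$(normalize_fp "$2")
    is_sha256_hex "$cf_served" || { echo "served thumbprint missing or malformed" >&2; return 2; }
    is_sha256_hex "$cf_expected" || { echo "expected thumbprint malformed" >&2; return 2; }
    if [ "$cf_served" != "$cf_expected" ]; then
        echo "MISMATCH: served $cf_served, expected $cf_expected" >&2
        return 1
    fi
    printf '%s\n' "$cf_served"
}

# Script use (hypothetical file name):
#   sh check_fp.sh <vIDM_FQDN> '<thumbprint copied from the browser>'
if [ "$#" -eq 2 ]; then
    compare_fp "$(served_fp "$1")" "$2"
fi
```

Only the value printed on exit status 0 should be supplied as <thumbprint> in the vracli vidm set command; a status of 1 means the node is seeing a different certificate than the one checked in the browser.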

Additional Information

Correcting the time zone ensures SAML token validity between Aria Automation and vIDM. Using the --same-hostname flag during recovery specifically addresses scenarios where vIDM was redeployed on existing infrastructure, forcing the refresh of internal service associations without changing endpoint references.