Accessing vIDM fails with Error: "You do not have permission to access this page: /hc/xxxx/authenticate/"

search cancel

book

calendar_today

VCF Operations/Automation (formerly VMware Aria Suite)

Login failure while accessing vIDM:
You do not have permission to access this page: /hc/xxxx/authenticate/
Adding Identity Manager FQDN from the admin portal fails.

vIDM 3.3.7

IDP configuration value null in vIDM node's configuration file config-state.json causing authentication to fail.

"idp" : {
"isConfigured" : false,
"host" : null,

This issue may also arise if the config-state.json file is missing on any of the vIDM standby nodes.

Note: Before following the steps below, make sure to take cold snapshot of all the nodes.

Make note of the worker ID from the error message. For example 9999 is the worker ID from the following error message.

You do not have permission to access this page: /hc/9999/authenticate/

SSH to VMware Identity Manager Appliance(s) using root credentials. Run following command and validate which node holds the error message worker Id previously noted.
find / -iname config-state.json
Stop the service ONLY on node which has the error message worker Id.
service horizon-workspace stop
Back up the current configuration file by running the command.
mv config-state.json config-state.json.bkp
Access Identity manager over UI using local credentials directly to the node. Go to "Identity and Access Management", Under "Directory Sync and Authentication" section. If the affected node connector is in use, switch to any other connector.
From IDP Configuration, remove affected connector. And, Add the deleted connector, save the IDP configuration.
Validate whether config-state.json has IDP configured as true after adding the connector back.
Start horizon-service.
service horizon-workspace start
Restart opensearch service.
/etc/init.d/opensearch restart
Validate Directory Sync is successful.

thumb_up Yes

thumb_down No