Accessing vIDM fails with Error: "You do not have permission to access this page: /hc/xxxx/authenticate/"
Article ID: 396017
Updated On:
Products
VMware Aria Suite
Issue/Introduction
- Login failure while accessing vIDM:
You do not have permission to access this page: /hc/xxxx/authenticate/ - Adding Identity Manager FQDN from the admin portal fails.
Environment
vIDM 3.3.7
Cause
IDP configuration value null in vIDM node's configuration file config-state.json causing authentication to fail.
"idp" : {
"isConfigured" : false,
"host" : null,
Resolution
Workaround:
Note: Before following the steps below, make sure to take cold snapshot of all the nodes.
Make note of the worker ID from the error message. For example 9999 is the worker ID from the following error message.
Make note of the worker ID from the error message. For example 9999 is the worker ID from the following error message.
You do not have permission to access this page: /hc/9999/authenticate/
- SSH to VMware Identity Manager Appliance(s) using root credentials. Run following command and validate which node holds the error message worker Id previously noted.
find / -iname config-state.json - Stop the service ONLY on node which has the error message worker Id.
service horizon-workspace stop - Back up the current configuration file by running the command.
mv config-state.json config-state.json.bkp - Access Identity manager over UI using local credentials directly to the node.
Go to "Identity and Access Management", Under "Directory Sync and Authentication" section.
If the affected node connector is in use, switch to any other connector. - From IDP Configuration, remove affected connector.
And, Add the deleted connector, save the IDP configuration. - Validate whether config-state.json has IDP configured as true after adding the connector back.
- Start horizon-service.
service horizon-workspace start - Restart opensearch service.
/etc/init.d/opensearch restart - Validate Directory Sync is successful.
Feedback
Yes
No
Powered by
