Hi Grant,

Thanks for pointing to the REST API link. I was trying to import the advanced designer services via REST.

Are you able to get the http bearer token using the rest api?

curl --insecure -H "Accept: application/json" -H 'Content-Type: application/json' --data '{"username":"administrator", "password":"password","tenant":"vsphere.local"}' https://vra/identity/api/tokens

Works fine.

But

curl --insecure -H "Accept: application/json" -H 'Content-Type: application/json' --data '{"username":"user@domain.net", "password":"password","tenant":"some-tenant"}' https://vra/identity/api/tokens

Returns an error with code 90135. Do you have a similar issue?

Thanks

This works for me:

vra-01a:~ # curl --insecure -H "Accept: application/json" -H 'Content-Type: application/json' --data '{"username":"tony@lab.local", "password":"blah","tenant":"vsphere.local"}' https://vra-01a.lab.local/identity/api/tokens

{"expires":"2016-01-21T15:16:11.000Z","id":"MTQ1MzM2MDU3MTU5ODo5NjdkNjE4OTBkZGE5NGU4MjUxZDp0ZW5hbnQ6dnNwaGVyZS5sb2NhbHVzZXJuYW1lOnRvbnlAbGFiLmxvY2FsZXhwaXJhdGlvbjoxNDUzMzg5MzcxMDAwOmI5ODUxMjI3ZGYwNDc3ZWFiNTI5NWUxMWY3OWM1ZTVlZDQxYWRkOTg5YWU4OTQ3YTk1ZmJkNzA3NGY2YjgwNGU3OTgwODBiNmUxMzc1NzgyMzZkZmM0ZDA2MDU1ZTNmNGM5ODNlOTU2YzkxODA2ZmJiMjA3M2E2OGVjNGIyNDQ5","tenant":"vsphere.local"}

lab.local is native auth.

vra-01a:~ # curl --inication/json' --data '{"username":"gorchard@melb.vmware.local", "password":"blah","tenant":"roles"}' https://vra-01a.lab.local/identity/api/tokens

{"expires":"2016-01-21T15:18:13.000Z","id":"MTQ1MzM2MDY5Mzc1MDozYzU0MGNlNDRmNTlkYjc2YjFlYzp0ZW5hbnQ6cm9sZXN1c2VybmFtZTpnb3JjaGFyZEBtZWxiLnZtd2FyZS5sb2NhbGV4cGlyYXRpb246MTQ1MzM4OTQ5MzAwMDowYzUxOGU5MGNhY2RmYWEwM2ZjYWNiOGFhMjQ4NGJkNzZkYmY2YTBkOGFiNzFlZmRmNWRjZjc3M2ZlYTVjMWEzNjA0NWZkYzZmNWVmZGRmMDA4YTVlMTA4ZjJkMTZmNjU4OGNjYWVlNTEwMjcxZjQ5ZmQyMTBjY2M3OWU1NTlkZg==","tenant":"roles"}

melb.vmware.local is AD over LDAP.

I was able to get the error you suggest through a typo on my behalf (vsphere.ocal instead of vsphere.local):

curl --insecure -H "Accept: application/json" -H 'Content-Type: application/json' --data '{"username":"tony@lab.local", "password":"blah","tenant":"vsphere.ocal"}' https://vra-01a.lab.local/identity/api/tokens

{"errors":[{"code":90135,"message":"Unable to authenticate user tony@lab.local in tenant vsphere.ocal.","systemMessage":"90135-Unable to authenticate user tony@lab.local in tenant vsphere.ocal.","moreInfoUrl":null}]}

EDIT: I just realised that for the tenant value I used the URL value defined in tenant creation. Not sure if that helps or not.

Hi Grant,

Thanks for the reply. Everything seems to be correct but I still hit the issue. What kind of privileges does the user gorchard@melb.vmware.local have?

I was wondering if there is an option to specifically enable REST authentication to the user as such.

Thanks

It has tenant admin, but anyone should be able to get a token - authentication and authorization are two different functions.

Let me create a user with no system privileges and validate.

Grant

Hi Grand,

My user has tenant admin privileges. Are there any logs that I can check?

Thanks

Open up catalina.out and check the logs when you submit the API call.

Can you share the value you are using for the tenant or is that sensitive? I'm just wondering if it's not recognising the tenant value correctly.

Grant

I am having the same problem. Do you have the problem resolved?

My finding is:

I can successfully get the token from all local users, "vsphere.local" tenant or "inf" which I created with AD direcotory. But as soon as I put a username from the domain like "ken.woo@mylab.com". It returns 90135 error. The user name can login to vra portal and request an item.

The similar JSON data works in v6.2. But after deploying a v7, it does not work any more. Here is a list of what work and what don't in my lab:

working credential:

{

"username":"tenantinf",

"password":"admin123",

"tenant":"inf"

}

{

"username":"tenantinf@vsphere.local",

"password":"admin123",

"tenant":"inf"

}

{

"username":"tenantadmin",

"password":"admin123",

"tenant":"vsphere.local"

}

don't work

{

"username":"ken.woo@mylab.com",

"password":"admin",

"tenant":"inf"

}

{

"username":"ken.woo@mylab.com",

"password":"admin123",

"tenant":"inf"

}    

{

"username":"ken.woo@mylab",

"password":"admin",

"tenant":"inf"

}

{

"username":"ken.woo",

"password":"admin",

"tenant":"inf"

}

I have the same issue, I can get a token for local users but when I try the same request with an AD users I get the response below, my user is a Tenant Admin, Did anyone get a fix for this?

{

  "errors": [

    {

      "code": 90135,

      "message": "Unable to authenticate user user@ad-domain.local in tenant vsphere.local.",

      "systemMessage": "90135-Unable to authenticate user user@ad-domain.local in tenant vsphere.local.",

      "moreInfoUrl": null

    }

  ]

}

I know the original post on this one is older, but I just ran into a similar issue and this KB fixed it for me:

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=21461...

Turns out the identity provider hostname value needed to be updated to the LB hostname.