Hello,
One of the users is not able to log in to the VCAC 6.0 user interface, and I am not able to find or locate any abnormal behavior in the Catalina.out logs for the SSO and VCAC appliances.
The issue is: the user, who actually has Tenant Admin privileges, logs in to the portal using their AD credentials. The login process creates a token for the login and returns a valid message, but the user is not able to log in since he again gets the login page, which does not display any sort of error. However, if he tries to put in some random password, the UI throws the error "Username or Password Invalid".
When I tried to log in to the same portal from his computer, I was able to log in, and when he tries to log in to the portal using my computer, the login behavior is the same (i.e. it processes the credentials and then reloads the login page).
I am sure I am not able to reach a place where I might get the log for the error or the cause of the issue, but I need your expert help to figure it out.
Need your help!! Thanks in advance.
Br,
MG
Can you check if there is any error under
Infrastructure > Monitoring > Audit Log Viewer?
I do not see any logs over there... and it is also not supposed to show such logs, is it?
I am still not able to figure out why this particular user is not able to log in to the VCAC while others can!!!
Br,
MG
Are you both logging into the same tenant? That behaviour describes the experience of the time bomb issue, which is tenant specific.
Grant
Yes, we are both trying to log in to the same tenant... in fact we have only one tenant, which is the default vsphere.local. We have two different environments with similar configuration, and the issue is the same in both setups.
BTW, what is the Time Bomb issue? Just FYI, we had checked the time sync, which is in sync with the time server.
Br,
MG
Ok... if you're in the same tenant then this is just plain weird.
Are you both logging in with the same format, i.e. domain\username or username@domain?
Can you get them to try to log in, then grab a tail of /storage/log/vmware/vcac/catalina.out?
Grant
How many AD groups is the user a member of?
We had a similar issue in 6.0 where if the user was a member of too many groups, the SAML token broke (i.e., it was too large to handle). I believe this was corrected in one of the updates.
Also, take a look at this:
http://vcdx56.com/2014/04/22/can-not-login-to-vcloud-automation-center/
The issue turned out to be with LDAP: the user was a member of a group which has trailing white spaces, and that was preventing the user from logging on. This is kinda weird, why the heck is vCAC looking into LDAP user attributes and enumerating them to a log file... just for free!!!!!
However, after fixing the group by removing the trailing white space, the user is all happy and so am I...
Br,
MG
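
A check for the condition found above, added here as an example and not posted by anyone in the thread: it scans an LDIF export of directory groups for names with leading or trailing whitespace. The sample export, the DNs, the function names and the choice of attributes (`cn`, `name`, `sAMAccountName`) are assumptions; the thread does not say which attribute carried the whitespace.

```python
import base64

# Assumption: the whitespace sits in one of these naming attributes; the
# thread does not say which attribute of the group was affected.
NAME_ATTRS = {"cn", "name", "samaccountname"}

# Constructed sample export, not data from the thread. RFC 2849 requires a
# value that ends in a space to be base64-encoded ("attr:: ..."), so a plain
# text search of the export never shows the trailing space.
SAMPLE_LDIF = (
    "dn: CN=vCAC-Admins,OU=Groups,DC=example,DC=local\n"
    "objectClass: group\n"
    "cn: vCAC-Admins\n"
    "\n"
    "dn: CN=Tenant-Admins\\ ,OU=Groups,DC=example,DC=local\n"
    "objectClass: group\n"
    "cn:: " + base64.b64encode(b"Tenant-Admins ").decode() + "\n"
    "sAMAccountName: Tenant-Admins\n"
)


def unfold(text):
    """Join LDIF continuation lines (they start with a single space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def find_padded_group_names(ldif_text):
    """Return (dn, attribute, value) for names with leading/trailing whitespace."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):  # base64 form: decode before inspecting
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() in NAME_ATTRS and value != value.strip():
            findings.append((dn, attr, value))
    return findings


if __name__ == "__main__":
    for dn, attr, value in find_padded_group_names(SAMPLE_LDIF):
        print(f"{dn}: {attr} = {value!r}")
```

Printing the value with `repr` makes the padding visible, which is what a normal directory browser or log line hides.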