VMware Cloud Community
MaxB
Enthusiast
Enthusiast
Jump to solution

vRO REST authentication with vRA Bearer Token fails

Hey community,

I have a problem in my environment authenticating against the vRO REST API with a Bearer-Token which was request from vRA.

Since last week we have a standalone vRO configured with authentication source "vRealize Automation".

Test Connection in the controlcenter always suceed and login into the vRO Client succeeds aswell.

I wrote a PowerShell script which gets a bearer token from vRA by this code:

$body = '{"username" : "ThatsMyUser", "password" : "ThatsMySecretPassword", "tenant" : "vsphere.local"}'

$response = Invoke-Webrequest -Uri https://vRA-Loadbalancer.com/identity/api/tokens -Method POST -Headers @{"accept"="application/json"} -Body $body -ContentType "application/json"

$content = response | ConvertFrom-Json

$id = $content.id

It returns a ID and if we validate it the vRA Rest API returns that it´s valid (mentioned here: https://docs.vmware.com/en/vRealize-Automation/7.3/com.vmware.vra.programming.doc/GUID-45E4204A-4E9C... )

So authentication against the vRO REST should work... I guess

Now I tried to simply list all packages in vRO by this code:

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"

$headers.Add("Authorization", "Bearer " + $id)  # $id is the same as returned by the upper code

$headers.Add("accept","application/json")

Invoke-Webrequest -Uri https://vRO-Appliance.com:8281/vco/api/packages -Method GET -Headers $headers

And it returns and error "401 Unauthorized" ... And I have no clue why.

I tried the same in different languages... vRO itself, C# and PowerShell.

Anyone have a suggestion? ´This made me kinda crazy over the last few days.

additional note: I hope there are no typos in the PowerShell code... copy paste didn´t work argh... yes each url is typed by myself

1 Solution

Accepted Solutions
MaxB
Enthusiast
Enthusiast
Jump to solution

Hi,

i installed PowerShell core and tried it again.

It works for me now and throws no more errors.

Additional for testing i set the parameter "com.vmware.011n.sso.basi-authentication.enabled = true" in the vmo.properties file on the vco.

The file is stored in /etc/vco/app-server/

View solution in original post

Reply
0 Kudos
5 Replies
iiliev
VMware Employee
VMware Employee
Jump to solution

Hi,

Try to get a token as described here - https://kb.vmware.com/s/article/2148518

Reply
0 Kudos
MaxB
Enthusiast
Enthusiast
Jump to solution

Hi,

it still fails with the procedure mentioned in the kb.

I got the following error:

Invoke-Webrequest: The underlying connection was closed: An unexpected error occurred on a send.

Reply
0 Kudos
iiliev
VMware Employee
VMware Employee
Jump to solution

Hi,

Could you check if it works with some other REST client, like curl or Postman? I tested the folowing in my environment and it seemed to work (I got an error similar to yours when trying to call it with PowerShell):

curl -ikv -H "Authorization: Bearer ..." -X GET https://vro-appliance:8281/vco/api/packages

MaxB
Enthusiast
Enthusiast
Jump to solution

Hi,

it seems to work in Postman (the way mentioned in the KB). But only if I disable certificate validation.

Any idea how to bring this to a programming / scripting language?

Sadly it fails in PowerShell.

Reply
0 Kudos
MaxB
Enthusiast
Enthusiast
Jump to solution

Hi,

i installed PowerShell core and tried it again.

It works for me now and throws no more errors.

Additional for testing i set the parameter "com.vmware.011n.sso.basi-authentication.enabled = true" in the vmo.properties file on the vco.

The file is stored in /etc/vco/app-server/

Reply
0 Kudos