Hi everybody,
I'm using a vCO appliance running version 5.5.2.1 build 2179237 in my lab. This appliance uses SSO for authentication. When I try to log in with a user from my Active Directory domain, I get the message that the password or the username is invalid. At the same time, this is logged by the vCO appliance:
INFO {} [SamlTokenImpl] SAML token for SubjectNameId [value=Administrator@LAB.LOCAL, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
INFO {} [SamlTokenImpl] SAML token for SubjectNameId [value=Administrator@LAB.LOCAL, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
INFO {} [SecurityTokenServiceImpl] Successfully acquired token for user: Administrator@lab.local
INFO {} [SecurityTokenServiceImpl$RequestResponseProcessor] Failed trying to retrieve token: ns0:InvalidRequest: Access not authorized!
ERROR {} [VcoFactoryFacade] Unable to login (Ex: javax.security.auth.login.LoginException: SSO server error)
The user account "Administrator@lab.local" is a member of the group "Lab-vCO-Admins", which is configured as the vCO admin group. When I use the same credentials on the VMware vCenter Orchestrator Configuration Test Login page, the authentication is successful. To complete the picture, let me clearly state that everything was working BEFORE I updated the appliance from 5.5.1.0 build 1617225 to 5.5.2.1 build 2179237. The vCenter Server appliance is currently running version 5.5.0 Update 2.
Thanks in advance.
Hi Patrick,
welcome to this part of the communities 🙂
Check out this: (from the release notes of vCO 5.5.2)
Invalid username/password
. %INSTALL_DIR%/apps/lib/bcprov-jdk15.jar
file and delete it manually.
Cheers,
Joerg
Hello Joerg,
thanks for your reply. Unfortunately this wasn't the solution. I was able to solve the issue by unregistering and re-registering the Orchestrator with SSO, followed by a restart of the vCO configuration server and vCO Server service. Don't know why I didn't try this earlier...
Thanks for your help!
Ran into the same issue here after upgrading vRO from 5.5.1 to 5.5.2.1 - logins did not work until I re-registered vRO against our SSO server. I am using the vRO appliance.
Just want to clarify why this is happening. This is caused by a change in the way Orchestrator works with SSO. The reason authentication is not working is that the Orchestrator solution user is not part of the ActAsUsers group in SSO after the upgrade. This is new in 5.5.2. If you add the Orchestrator solution user to that group through the vSphere Web Client, you will be able to log in to the Orchestrator Client. After registering Orchestrator with SSO again, the newly created solution user was added as a member of that group, and that's why you are able to log in.
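A log triage sketch for the failure pattern in this thread, added here as an example (not part of any post and not VMware tooling): it separates a login that fails after the user's own token was issued, which is the case the ActAsUsers explanation fits, from a failure where no token was issued. The function name and cause labels are hypothetical, and reading "Access not authorized!" as a refusal of the solution user's request is an assumption based on the explanation above.

```python
import re

# Log lines copied from the first post in this thread (it shows no timestamps).
SAMPLE_LOG = """\
INFO {} [SamlTokenImpl] SAML token for SubjectNameId [value=Administrator@LAB.LOCAL, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
INFO {} [SecurityTokenServiceImpl] Successfully acquired token for user: Administrator@lab.local
INFO {} [SecurityTokenServiceImpl$RequestResponseProcessor] Failed trying to retrieve token: ns0:InvalidRequest: Access not authorized!
ERROR {} [VcoFactoryFacade] Unable to login (Ex: javax.security.auth.login.LoginException: SSO server error)
"""

# Constructed sample: a login failure with no preceding token line.
NO_TOKEN_LOG = "ERROR {} [VcoFactoryFacade] Unable to login (Ex: javax.security.auth.login.LoginException: SSO server error)\n"

ACQUIRED = re.compile(r"\[SecurityTokenServiceImpl\] Successfully acquired token for user: (\S+)")
DENIED = re.compile(r"Failed trying to retrieve token: (\S+): Access not authorized!")
LOGIN_FAIL = re.compile(r"\[VcoFactoryFacade\] Unable to login")


def triage(log_text):
    """Return one finding per failed login, with the user, SSO fault and a cause label."""
    findings = []
    user = fault = None
    for line in log_text.splitlines():
        if m := ACQUIRED.search(line):
            # The user's credentials were accepted and a token was issued.
            user, fault = m.group(1), None
        elif m := DENIED.search(line):
            # A later token request was refused by SSO.
            fault = m.group(1)
        elif LOGIN_FAIL.search(line):
            if user and fault:
                # Assumption: this is the solution-user authorization case.
                cause = "sso-authorization"
            elif user:
                cause = "failed-after-token"
            else:
                cause = "credentials-or-other"
            findings.append({"user": user, "fault": fault, "cause": cause})
            user = fault = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG) + triage(NO_TOKEN_LOG):
        print(finding)
```

A finding labelled `sso-authorization` is the cue to check the Orchestrator solution user's membership in ActAsUsers rather than the user's password.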
I had the same issue - resolved by the service restart and SSO un/reconfigure. Looks like a common issue in this implementation.