I have used control center to configure Authentication for vRO. I want to try to do the same via REST APIs. Can someone help with what all REST calls have to be made to do the same?
I'm using vRO 7.3 and vCenter 6.5.
It's all accessible via https://<FQDN>:8283/vco-controlcenter/docs/
The API you'll leverage is under /api/authentication.
I tried executing
When the above call was executed, I get response code as '0'.
I wanted to know what are the exact API calls to be made?
This post is old, but I had to do this recently and figuring it out took me a little while on vRO 8.1. It's a 3-step process to configure vRO to use vSphere SSO through the API. First, you create a new VSPHERE configuration with a POST to the endpoint:
/vco-controlcenter/api/authentication/configuration/provider/VSPHERE
The first call should return the ID of the new connection and some JSON that describes the new connection, although it's initially just an empty template. Update the JSON as needed with your SSO endpoint URL and credentials. Then POST the JSON body to the following endpoint, where <ID> is from the first request result:
/vco-controlcenter/api/authentication/configuration/<ID>
You commit the change to vRO with a final POST of the same JSON body to the endpoint:
/vco-controlcenter/api/authentication/configuration/<ID>/finish
I'm guessing you could also post the updated JSON body to the "finish" endpoint without the intermediate post. It looks like the intermediate step is present to enable building the configuration incrementally?
Hi Chris0976,
Many thanks for the reply here in this thread, seems like this is the only place to clarify the topic,
I'm currently trying to configure the vRO 7.5 authentication provider following your steps:
- POST call to /vco-controlcenter/api/authentication/configuration/provider/VSPHERE, getting the session ID
- POST call to /vco-controlcenter/api/authentication/configuration/<ID> putting the username, password, Center URL and preserved <ID> to JSON body. Here I'm getting an error:
"Exception occurred. Details: JSON parse error: Could not resolve type id 'authProvider' into a subtype of [simple type, class com.vmware.o11n.configuration.authentication.Authentication]: known type ids = [Authentication, CAFE, LDAP, SSO, VSPHERE]; nested exception is com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Could not resolve type id 'authProvider' into a subtype of [simple type, class com.vmware.o11n.configuration.authentication.Authentication]: known type ids = [Authentication, CAFE, LDAP, SSO, VSPHERE]\n at [Source: java.io.PushbackInputStream@6415d18; line: 1, column: 2]"
I've checked and double-checked the JSON body for sure and it has valid structure and data:
{
  "error": null,
  "warning": null,
  "id": "<my session ID from initial POST call>",
  "providers": [
    "CAFE",
    "VSPHERE"
  ],
  "authentication": {
    "VSPHERE": {
      "URL": "<my Center URL>",
      "certificateAlias": "vco.vsphere.lookup-service.ssl.certificate",
      "username": "administrator@vsphere.local",
      "password": "<my password>",
      "importCertificates": false,
      "configureLicences": true,
      "adminGroup": "<my group>",
      "adminGroupDomain": "my group's domain",
      "defaultTenant": "vsphere.local",
      "ssoClockTolerance": 300,
      "tokenLifetimeInSeconds": 7776000,
      "ssoTokenRenewCount": 5,
      "provider": "VSPHERE"
    }
  },
  "state": "NEW",
  "certificate": [],
  "authProvider": "VSPHERE"
}
Java exception is also caught in /var/log/vco/configuration/controlcenter.log of vRO node:
org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Could not resolve type id 'error' into a subtype of [simple type, class com.vmware.o11n.configuration.authentication.Authentication]: known type ids = [Authentication, CAFE, LDAP, SSO, VSPHERE]; nested exception is com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Could not resolve type id 'error' into a subtype of [simple type, class com.vmware.o11n.configuration.authentication.Authentication]: known type ids = [Authentication, CAFE, LDAP, SSO, VSPHERE]
at [Source: java.io.PushbackInputStream@1b9a885b; line: 2, column: 5]
Caused by: com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Could not resolve type id 'error' into a subtype of [simple type, class com.vmware.o11n.configuration.authentication.Authentication]: known type ids = [Authentication, CAFE, LDAP, SSO, VSPHERE]
at [Source: java.io.PushbackInputStream@1b9a885b; line: 2, column: 5]
at com.fasterxml.jackson.databind.exc.InvalidTypeIdException.from(InvalidTypeIdException.java:42)
at com.fasterxml.jackson.databind.DeserializationContext.unknownTypeIdException(DeserializationContext.java:1490)
at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownTypeId(DeserializationContext.java:1170)
at com.fasterxml.jackson.databind.jsontype.impl.TypeDeserializerBase._handleUnknownTypeId(TypeDeserializerBase.java:282)
at com.fasterxml.jackson.databind.jsontype.impl.TypeDeserializerBase._findDeserializer(TypeDeserializerBase.java:156)
at com.fasterxml.jackson.databind.jsontype.impl.AsWrapperTypeDeserializer._deserialize(AsWrapperTypeDeserializer.java:104)
at com.fasterxml.jackson.databind.jsontype.impl.AsWrapperTypeDeserializer.deserializeTypedFromObject(AsWrapperTypeDeserializer.java:52)
at com.fasterxml.jackson.databind.deser.AbstractDeserializer.deserializeWithType(AbstractDeserializer.java:209)
at com.fasterxml.jackson.databind.deser.impl.TypeWrappedDeserializer.deserialize(TypeWrappedDeserializer.java:63)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3814)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2938)
at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readJavaType(AbstractJackson2HttpMessageConverter.java:235)
... 80 more
Any ideas on how to resolve the issue?
Hi,
Did this work for anyone as I have tried suggested steps with no luck.
1.
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' 'https://<VROHOSATNAME>/vco-controlcenter/api/authentication/configuration/provider/VSPHERE'
Got JSON output.
2. From the above, took the ID - 116fda30-2d65-44d1-8062-852d00a35ef4 and used it in
https://<vrofqdn>/vco-controlcenter/api/authentication/configuration/116fda30-2d65-44d1-8062-852d00a35ef4
used with JSON output from step 1 and provided information on password and admin group.
Whatever I do I always get Response Code as 0.
{
  "error": "no response from server"
}
3.
https://<vrofqdn>/vco-controlcenter/api/authentication/configuration/d40e4653-321d-45f4-b1fa-fd7ee0bae2d1/finish
Getting JSON output.
It's actually not working. Any help with this is much appreciated.
Hi Chris,
I am facing the issue with this one. I have updated my command in the chain itself.
Thanks and Regards,
Pankaj
Hi,
Update:
This is working now.
Steps:
1. curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' 'https://vrofqdn/vco-controlcenter/api/authentication/configuration/provider'
This will give an ID which needs to be used in the next 2 steps.
2. https://ukxvadaip104.uk.dev.net/vco-controlcenter/api/authentication/configuration/<ID from above command>
Use a payload in the format below:
{
  "VSPHERE": {
    "url": "https://vcenterfqdn/lookupservice/sdk",
    "certificateAlias": "vco.vsphere.lookup-service.ssl.certificate",
    "username": "vcenteradminaccount",
    "password": "vcenteradminpasword",
    "importCertificates": false,
    "configureLicences": true,
    "adminGroup": null,
    "adminGroupDomain": null,
    "defaultTenant": "vsphere.local",
    "ssoClockTolerance": 300,
    "tokenLifetimeInSeconds": 7776000,
    "ssoTokenRenewCount": 5,
    "provider": "VSPHERE"
  }
}
3.
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' 'https://vrofqdn/vco-controlcenter/api/authentication/configuration/<id from 1st step>/finish'
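The difference between the rejected body and the working one in this thread, as an added example that is not part of any post above and is not VMware code: the rejected body is the whole step-1 envelope, while the working payload is the single-key object keyed by a known type id, and the sketch also masks the password before the body is logged. The function names, the assumed envelope shape (an "authentication" member holding the provider template) and the sample values are constructed for illustration.

```python
import copy
import json

# Type ids the server listed in the InvalidTypeIdException quoted in the thread.
KNOWN_TYPE_IDS = {"Authentication", "CAFE", "LDAP", "SSO", "VSPHERE"}
SECRET_FIELDS = {"password"}

def wrapper_error(body):
    """None if body is {<known type id>: {...}}; otherwise the reason it is not."""
    if not isinstance(body, dict) or not body:
        return "body must be a non-empty JSON object"
    first_key = next(iter(body))  # per the quoted errors, the first key is read as the type id
    if first_key not in KNOWN_TYPE_IDS:
        return f"type id {first_key!r} is not one of {sorted(KNOWN_TYPE_IDS)}"
    if len(body) != 1:
        return f"expected one top-level key, got {list(body)}"
    return None

def build_step2_body(envelope, provider, fields):
    """Lift the provider template out of the step-1 response and fill it in."""
    template = envelope.get("authentication", {}).get(provider)
    if template is None:
        raise ValueError(f"no {provider} template in the step-1 response")
    unknown = sorted(set(fields) - set(template))
    if unknown:  # catches misspelled or wrongly cased field names early
        raise ValueError(f"fields not present in the template: {unknown}")
    body = {provider: {**copy.deepcopy(template), **fields}}
    err = wrapper_error(body)
    if err:
        raise ValueError(err)
    return body

def redact(body):
    """Copy of a step-2 body that is safe to log (secrets masked)."""
    return {tid: {k: "***" if k in SECRET_FIELDS and v else v for k, v in inner.items()}
            for tid, inner in body.items()}

# Constructed sample: a cut-down step-1 response using field names from the thread.
SAMPLE_ENVELOPE = json.loads("""{
  "error": null, "id": "00000000-0000-0000-0000-000000000000",
  "authentication": {"VSPHERE": {"url": null, "username": null, "password": null,
                                 "defaultTenant": "vsphere.local", "provider": "VSPHERE"}},
  "state": "NEW", "authProvider": "VSPHERE"}""")

if __name__ == "__main__":
    print(wrapper_error(SAMPLE_ENVELOPE))  # the full envelope is rejected
    body = build_step2_body(SAMPLE_ENVELOPE, "VSPHERE", {
        "url": "https://vcenter.example/lookupservice/sdk",  # placeholder host
        "username": "administrator@vsphere.local", "password": "constructed-secret"})
    print(json.dumps(redact(body), indent=2))
```

Log only the output of `redact`, and read the password from a secret store or prompt rather than placing it in a script or on the command line.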