VMware Cloud Community
blazilla
Enthusiast

Can't login with Orchestrator Client

Hi everybody,

I'm using a vCO appliance running version 5.5.2.1 build 2179237 in my lab. This appliance uses SSO for authentication. When I try to log in with a user from my Active Directory domain, I get the message that the password or the username is invalid. At the same time this is logged by the vCO appliance:

INFO  {} [SamlTokenImpl] SAML token for SubjectNameId [value=Administrator@LAB.LOCAL, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element

INFO  {} [SamlTokenImpl] SAML token for SubjectNameId [value=Administrator@LAB.LOCAL, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element

INFO  {} [SecurityTokenServiceImpl] Successfully acquired token for user: Administrator@lab.local

INFO  {} [SecurityTokenServiceImpl$RequestResponseProcessor] Failed trying to retrieve token: ns0:InvalidRequest: Access not authorized!

ERROR {} [VcoFactoryFacade] Unable to login (Ex: javax.security.auth.login.LoginException: SSO server error)

The user account "Administrator@lab.local" is a member of the group "Lab-vCO-Admins", which is configured as the vCO admin group. When I use the same credentials on the VMware vCenter Orchestrator Configuration Test Login page, the authentication is successful. To complete the matter, let me clearly state that everything was working BEFORE I updated the appliance from 5.5.1.0 build 1617225 to 5.5.2.1 build 2179237. The vCenter Server appliance is currently running version 5.5.0 Update 2.

Thanks in advance.

Best regards Patrick https://www.vcloudnine.de
tschoergez
Leadership

Hi Patrick,

welcome to this part of the communities 🙂

Check out this: (from the release notes of vCO 5.5.2)

  • After upgrading vCenter Orchestrator to 5.5.2, you might not be able to log in to the Orchestrator client
    When you attempt to log in to the Orchestrator client after upgrading to vCenter Orchestrator 5.5.2, you might get an error message Invalid username/password.

    Workaround: Back up the %INSTALL_DIR%/apps/lib/bcprov-jdk15.jar file and delete it manually.

Cheers,

Joerg

blazilla
Enthusiast

Hello Joerg,

thanks for your reply. Unfortunately this wasn't the solution. I was able to solve the issue by unregistering and re-registering the Orchestrator with SSO, followed by a restart of the vCO configuration server and vCO Server service. Don't know why I didn't try this earlier...

Thanks for your help! 🙂

Best regards Patrick https://www.vcloudnine.de
schistad
Enthusiast

Ran into the same issue here after upgrading vRO from 5.5.1 to 5.5.2.1 - logins did not work until I re-registered vRO against our SSO server. I am using the vRO appliance.

ivand
VMware Employee

Just want to clarify why this is happening. This is caused by a change in the way Orchestrator works with SSO. The reason authentication does not work is that the Orchestrator solution user is not part of the ActAsUsers group in SSO after the upgrade. This is new in 5.5.2. If you add the Orchestrator solution user to that group through the vSphere Web Client, you will be able to log in to the Orchestrator Client. After registering Orchestrator with SSO again, the newly created solution user was added as a member of that group, and that's why you are able to log in.

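A small triage script for the log pattern quoted in this thread, added here as an example (it is not from any poster or from VMware). It separates a login where SSO issued the user's own token and then refused a follow-up token request, the case ivand attributes to the solution user missing from ActAsUsers, from a login where no user token was issued at all. The function name, the verdict labels and the mapping of the "Access not authorized" line to that cause are assumptions based on the posts above.

```python
import re

# Constructed sample: log lines as quoted in the first post of this thread.
SAMPLE_LOG = """\
INFO  {} [SamlTokenImpl] SAML token for SubjectNameId [value=Administrator@LAB.LOCAL, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
INFO  {} [SecurityTokenServiceImpl] Successfully acquired token for user: Administrator@lab.local
INFO  {} [SecurityTokenServiceImpl$RequestResponseProcessor] Failed trying to retrieve token: ns0:InvalidRequest: Access not authorized!
ERROR {} [VcoFactoryFacade] Unable to login (Ex: javax.security.auth.login.LoginException: SSO server error)
"""

# "LEVEL {context} [Component] message", the layout of the lines above.
LINE_RE = re.compile(r"^[A-Z]+\s+\{[^}]*\}\s+\[(?P<component>[^\]]+)\]\s+(?P<msg>.*)$")
ACQUIRED_RE = re.compile(r"Successfully acquired token for user: (?P<user>\S+)")
STS_FAILED = "Failed trying to retrieve token:"
LOGIN_FAILED = "Unable to login"

# Hypothetical verdict labels used only by this example.
TOKEN_REQUEST_DENIED = "user-token-issued-then-request-denied"  # check ActAsUsers membership
OTHER_STS_ERROR = "user-token-issued-then-other-sts-error"
NO_USER_TOKEN = "no-user-token-issued"  # look at credentials / SSO reachability first


def triage(log_text):
    """Return one finding (dict) per failed login, in log order."""
    findings = []
    user = None       # user whose own token SSO issued most recently
    sts_error = None  # STS refusal logged after that token was issued
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, stack traces, unrelated formats
        msg = m.group("msg")
        acquired = ACQUIRED_RE.search(msg)
        if acquired:
            user, sts_error = acquired.group("user"), None
        elif msg.startswith(STS_FAILED):
            sts_error = msg[len(STS_FAILED):].strip()
        elif msg.startswith(LOGIN_FAILED):
            if user and sts_error:
                denied = "Access not authorized" in sts_error
                verdict = TOKEN_REQUEST_DENIED if denied else OTHER_STS_ERROR
            else:
                verdict = NO_USER_TOKEN
            findings.append({"user": user, "verdict": verdict, "sts_error": sts_error})
            user = sts_error = None  # reset for the next login attempt
    return findings
```
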
theclintjones
Contributor

I had the same issue - resolved by the service restart and SSO un/reconfigure. Looks like a common issue in this implementation.
