Skip to main content

 

IdP Misconfiguration Causing vIDM Login Failures with OAuth2 "The error message displayed is: https://load-balancer/hc/error."


Issue/Introduction

This article addresses intermittent login failures encountered by users in a vIDM  environment utilizing OAuth2 authentication with a load balancer. 

Environment

VMware Identity Manager 3.3.7 

Cause

The intermittent login failures likely stem from a mismatch between the Vidm Connector hostname configured in the Identity Provider (IdP) and the actual hostname used by the load balancer.

Resolution

Scenario 1: Single Connector, VIP Address:

Update IdP Configuration:

Ensure the vIDM Connector hostname (e.g., myconnector.mycompany.com) is configured in the IdP for OAuth2 client settings, not the load balancer hostname (e.g., mylb.mycompany.com).

The IdP was configured with the VIP address of the load balancer instead of the individual vIDM Connector hostname.
This can lead to login failures if the user is directed to a vIDM Connector not configured in the IdP.

Scenario 2: Multiple Connectors, Single Connector Added:

Add All Connectors to IdP (if applicable):
If your environment utilizes multiple vIDM Connectors behind the load balancer, verify that all connectors are registered in the IdP for OAuth2 client settings. This ensures users can be directed to any available connector for authentication.

How to add the connector to IDP: ADD connectors

Additional Information

The provided information suggests that initially only one connector was added to the IdP with the VIP address. This configuration can cause login failures for users directed to non-configured connectors.

Labels:

Comments

Post a Comment

Popular posts from this blog

  Issue with Aria Automation Custom form Multi Value Picker and Data Grid https://knowledge.broadcom.com/external/article?articleNumber=345960 Products VMware Aria Suite Issue/Introduction Symptoms: Getting  error " Expected Type String but was Object ", w hen trying to use Complex Types in MultiValue Picker on the Aria for Automation Custom Form. Environment VMware vRealize Automation 8.x Cause This issue has been identified where the problem appears when a single column Multi Value Picker or Data Grid is used. Resolution This is a known issue. There is a workaround.  Workaround: As a workaround, try adding one empty column in the Multivalue picker without filling the options. So we can add one more column without filling the value which will be hidden(there is a button in the designer page that will hide the column). This way the end user will receive the same view.  
Post a Comment
Read more

57 Tips Every Admin Should Know

Active Directory 1. To quickly list all the groups in your domain, with members, run this command: dsquery group -limit 0 | dsget group -members –expand 2. To find all users whose accounts are set to have a non-expiring password, run this command: dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0 3. To list all the FSMO role holders in your forest, run this command: netdom query fsmo 4. To refresh group policy settings, run this command: gpupdate 5. To check Active Directory replication on a domain controller, run this command: repadmin /replsummary 6. To force replication from a domain controller without having to go through to Active Directory Sites and Services, run this command: repadmin /syncall 7. To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands: set l echo %logonserver% 8. To see what account you are logged on as, run this command: ...
Post a Comment
Read more
  The Guardrails of Automation VMware Cloud Foundation (VCF) 9.0 has redefined private cloud automation. With full-stack automation powered by Ansible and orchestrated through vRealize Orchestrator (vRO), and version-controlled deployments driven by GitOps and CI/CD pipelines, teams can build infrastructure faster than ever. But automation without guardrails is a recipe for risk Enter RBAC and policy enforcement. This third and final installment in our automation series focuses on how to secure and govern multi-tenant environments in VCF 9.0 with role-based access control (RBAC) and layered identity management. VCF’s IAM Foundation VCF 9.x integrates tightly with enterprise identity providers, enabling organizations to define and assign roles using existing Active Directory (AD) groups. With its persona-based access model, administrators can enforce strict boundaries across compute, storage, and networking resources: Personas : Global Admin, Tenant Admin, Contributor, Viewer Projec...
Post a Comment
Read more