Could not parse tenant request java.lang.IllegalStateException: Issuer not recognized

Updated: Apr 24


After External vRealize Orchestrator 8.x upgrade to 8.4.2 , Users were unable to launch vRO UI , it fails with HTTP 400 response


*** vco-server-app.log *** 

2021-08-04T08:06:34.280Z WARN vco [host='vco-app-6df77fc467-tfzvt' thread='http-nio-8280-exec-2' user='-' org='-' trace='-'] {} com.vmware.identity.websso.client.SiteAffinity - Failed to init CdcSession. likely due to missing vmafd jar. Message: com/vmware/identity/cdc/CdcFactory

2021-08-04T08:06:34.280Z INFO vco [host='vco-app-6df77fc467-tfzvt' thread='http-nio-8280-exec-2' user='-' org='-' trace='-'] {} com.vmware.identity.websso.client.endpoint.SsoRequestSender - Added Renewable condition

2021-08-04T08:06:34.280Z INFO vco [host='vco-app-6df77fc467-tfzvt' thread='http-nio-8280-exec-2' user='-' org='-' trace='-'] {} com.vmware.identity.websso.client.endpoint.SsoRequestSender - Added Delegable condition

2021-08-04T08:06:34.280Z INFO vco [host='vco-app-6df77fc467-tfzvt' thread='http-nio-8280-exec-2' user='-' org='-' trace='-'] {} com.vmware.identity.websso.client.endpoint.SsoRequestSender - Destination URL: https://<<vrofqdn>>/websso/SAML2/SSO/vsphere.local


*** vCenter Logs ***

[2021-08-04T08:01:54.451Z tomcat-http--4 vsphere.local    7c66102f-55ad-44c6-b46f-235b056d20d0 ERROR com.vmware.identity.BaseSsoController] Could not parse tenant request java.lang.IllegalStateException: Issuer not recognized
[2021-08-04T08:01:54.451Z tomcat-http--4 vsphere.local    7c66102f-55ad-44c6-b46f-235b056d20d0 INFO com.vmware.identity.samlservice.impl.SAMLAuthnResponseSender] Responded with ERROR 400 message Issuer not recognized
[2021-08-04T08:01:54.451Z tomcat-http--4 vsphere.local    7c66102f-55ad-44c6-b46f-235b056d20d0 INFO com.vmware.identity.BaseSsoController] End processing SP-Initiated SSO response. Session was created.
[2021-08-04T08:06:34.335Z tomcat-http--5 vsphere.local    e1c95121-03fc-4d95-afc8-2a82e4e46499 INFO com.vmware.identity.SsoController] Welcome to SP-initiated AuthnRequest handler! The client locale is en_US, tenant is vshere.local
[2021-08-04T08:06:34.335Z tomcat-http--5 vsphere.local    e1c95121-03fc-4d95-afc8-2a82e4e46499 INFO com.vmware.identity.




For remediation , go ahead and perform re-authentication. Post that it would restart the services of vco-server.


Wait till its complete and then check the URL, it should be opening now and working






57 views0 comments