Cannot login with domain accounts to Management Portal in VIC 1.4.3
Tal8JB opened this issue · 5 comments
Attempting to log in to the Management Portal on port 8282 with a domain account from the VIC 1.4.3 OVA results in the ERR_INVALID_RESPONSE error shown in the attached screenshot in Chrome.
Logging in with @vsphere.local accounts works as expected.
Steps to reproduce
- Deploy 1.4.3 OVA
- Follow the Getting Started instructions from port 9443
- Click on link for Management Portal
- Log in to vCenter SSO with an Active Directory domain account
Redirect request size from PSC:
I did some tests, but the size of the token varies based on the number of groups and their names, and on the certificate chain too.
With a user who is a member of 350 nested groups, the size of the request was 59K and the login was successful but still painfully slow (~2 min). An attempt with 400 groups reproduces the reported behaviour, as the vSphere PSC is 'overloaded' and times out.
The single workaround I see for now is working with principals with fewer groups.
Yes, domain accounts that have fewer group memberships are working fine.
Thanks for the help @lazarin
In VIC 1.5.1 the limits were raised, but the SSO token exchange with PSC is still slow and could take minutes.