Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

vCenter Orchestrator does not provide authentication credentials through REST to vShield (2036210)

Symptoms

  • vCenter Orchestrator (vCO) does not provide authentication credentials through REST to vShield.

  • Running a REST operation on vShield returns:

    • Status Code 403
    • HTTP Status 403 - Authorization Header not present
    • Access to the specified resource (Authorization Header not present.) has been forbidden

Cause

This issue occurs because the server does not reply with a WWW-Authenticate header. For example, a possible value for this header is "WWW-Authenticate: Basic realm=" followed by the realm name.

Due to the absence of this header, the REST plug-in determines that no authentication is required and the Authenticate header is not set.

Resolution

This is a known issue, and is being reviewed by VMware.

This article will be updated as information becomes available.


To work around this issue:


Set JavaScript access to Java classes:

Notes:
  • These steps describe the process for the vCenter Orchestrator Appliance, but the process is similar for Windows-based systems.
  • For more information on this part of the procedure, see Set JavaScript Access to Java Classes in the VMware vSphere 5.1 Documentation Center.
  1. Enable SSH access on the Appliance. For more information, see Enable or Disable SSH Administrator Login on the vCenter Orchestrator Appliance in the vCenter Orchestrator 5.1 Documentation.

    Note: The default username and password is root/vmware.

  2. Create a Java shutter file:

    1. Connect to the Appliance via SSH.
    2. Navigate to:

      /opt/vmo/app-server/server/vmo/conf/

    3. Using a text editor, create a file named java_shutter_file in this directory.
    4. Add these lines to the file, and ensure each is on its own line and does not contain spaces:

      org.apache.commons.codec.binary.Base64
      java.lang.String

    5. Save and close the file.
    6. In the same directory, open the vmo.properties file in a text editor.
    7. Append this line to the end of the file:

      com.vmware.scripting.rhino-class-shutter-file=/opt/vmo/app-server/server/vmo/conf/java_shutter_file

    8. Save and close the file.

  3. Restart the vCenter Orchestrator Server from the vCenter Orchestrator configuration interface.

    After completing these steps, the two Java classes defined in step 2-d can be used directly in the JavaScript.

Import and use the package which is attached to this article:

In the package there are two workflows that replace the original library calls:
  • Invoke a vShield REST Host: This directly invokes a REST call on a host.
  • Invoke a vShield REST operation: This invokes a predefined REST operation on a host.
Use these calls instead of the original library calls.


Create a vShield host using these parameters:
  • URL format: https://10.131.64.160/api
  • Authorization: Basic
  • Shared Session
  • username/password
Once the host is created, you can either directly invoke a REST call using the Invoke a vShield REST Host workflow, or you can define operations for the host and use the Invoke a vShield REST operation workflow.


Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

Attachments

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: