When you deploy a product from vRSLCM, its single sign-on link is automatically created in the Identity Manager catalog. But if you import an existing vRealize product, it is not. Bummer! That being said, I have not tested importing solutions that already had vIDM configured for authentication without the catalog entry.
Anyway, if you have imported an existing product into vRSLCM and you are missing the SSO link in your catalog, this is how I fixed it (I don’t know if this is the official way).
First you need to enable login with Identity Manager for the product you want to configure SSO for. When that is done and working, do the following for the different products.
vRealize Network Insight
Right-click on the login button and copy the URL. You will get something like the URL listed below. You just need to fix the end of the URL to be like mine, but with your vRNI link.
For the vROPS I was not able to get the correct URL in the same way; here I used F12 in Google Chrome and recorded my login. I found the correct URL on the first line, “authorize?response_type=…………..”, and it should look something like this.
When you have the URL, go into your Identity Manager’s Administrator Console and, under Catalog and Web Apps, create a new web link. In the Configuration menu, choose Authentication Type “Web Application Link”, and in Target URL insert the URL you copied from the vRealize Network Insight login screen.
In vRealize Lifecycle Manager 8.0 VMware introduced “Locker”; this is where you store certificates, licenses and passwords. If you for some reason add a password that is wrong, or you want to delete an old one, you are in trouble. There is no way to delete entries through the GUI or CLI. But you can do it through the API!
Here is how
First you might need to install software to make the API calls. I used Postman and you can download it here.
When you have installed Postman, or if you already have it, you need to do the following.
First you need to insert your credentials in the Authorization tab inside Postman and send this POST command. Remember to insert your vRSLCM FQDN address.
If login is successful you will get “Login Successfully” in return.
GET the list of all entries
The GET command will give you a list of all the passwords and their vmid. Copy the vmid that you want to delete and use it instead of “vmid” below when you send the DELETE command.
I’m currently working on a deployment of vRealize Suite Lifecycle Manager 8.0. It was deployed using the Easy Installer method, and it has given me a few headaches, to be honest. Here is the recipe for solving one of those issues.
Replace self-signed certificate
In vRSLCM you can easily replace the self-signed certificate on the vIDM appliance if you have previously imported it into the locker. Just go through the “Replace Certificate” process and do the included precheck.
You will probably get the same warning as I did. If you click finish it will replace the certificate and everything looks fine until you try “Trigger Inventory Sync” from vRSLCM. It will fail with the following error:
com.vmware.vrealize.lcm.util.exception.SshAuthenticationFailureException: Cannot execute ssh commands. Please verify the ssh login credentials
    at com.vmware.vrealize.lcm.util.SshUtils.execute(SshUtils.java:393)
    at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:307)
    at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:290)
    at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:333)
    at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.CheckForSshConnection(VerifySshConnectionTask.java:165)
    at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.execute(VerifySshConnectionTask.java:125)
    at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.retry(VerifySshConnectionTask.java:282)
    at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:43)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Cannot create session for ssh://email@example.com
    at com.vmware.vrealize.lcm.util.SessionHolder.newSession(SessionHolder.java:57)
    at com.vmware.vrealize.lcm.util.SessionHolder.<init>(SessionHolder.java:37)
    at com.vmware.vrealize.lcm.util.SshUtils.execute(SshUtils.java:346)
    … 10 more
Caused by: com.jcraft.jsch.JSchException: Auth fail
    at com.jcraft.jsch.Session.connect(Session.java:519)
    at com.vmware.vrealize.lcm.util.SessionHolder.newSession(SessionHolder.java:53)
    … 12 more
How to fix the issue
1. SSH to vIDM and log in as sshuser. Run the following command to become the root user.
    su root
2. Edit the file /etc/ssh/sshd_config and change the value of PermitRootLogin to yes.
    PermitRootLogin yes
3. Run the following command to restart the sshd service.
    service sshd restart
Run “Trigger Inventory Sync” again and it will complete successfully.
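A check for step 2, added here as an example and not part of the original post: sshd uses the first value it reads for each keyword, so a PermitRootLogin yes line appended below an existing PermitRootLogin no has no effect and the inventory sync keeps failing. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value that sshd would take
# from an sshd_config file. Rules applied: the FIRST occurrence of a keyword
# wins, keywords are case-insensitive, and everything after a "Match" line is
# conditional, so it does not count as the global setting.
# Limitation (assumption): "Include" directives are not followed.

effective_permit_root_login() {
    # $1 = path to an sshd_config file; prints the value, or "default"
    # when the file sets no global value and sshd falls back to its built-in.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and value are separated by whitespace or "="
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit           # global section ends here
            if (key == "permitrootlogin" && n >= 2) {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "default" }
    ' "$1"
}

# Constructed sample: an earlier "no" shadows the "yes" appended at the end.
demo_shadowed() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample config' 'Port 22' \
        'PermitRootLogin no' 'UsePAM yes' 'PermitRootLogin yes' > "$tmp"
    effective_permit_root_login "$tmp"
    rm -f "$tmp"
}

# Optional: pass a config path as the first argument to check a real file.
[ -z "${1:-}" ] || effective_permit_root_login "$1"
```

Run it against /etc/ssh/sshd_config on the appliance before restarting sshd; `sshd -T` prints the full effective configuration if you want to confirm the result. Since the setting permits direct root logins over SSH, it is worth restricting SSH access to the appliance to the vRSLCM host.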