VMware Aria Automation Orchestrator

  • 1.  vRO REST HoK acquiring token

    Posted Apr 22, 2020 03:22 PM

    Hello,

    I am trying to obtain a HoK token, which is required by vRO in order to utilize the vRO REST API. I have downloaded the SDK and used the Java sample to try to obtain the HoK.

    VC 6.7 latest update, 2 in 1 PSC and VC on the same appliance.

    I tried to do the same as what was described in this post:

    vCO api and Authentication

    D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>build.bat

    Adding vim25.jar.....

    1 File(s) copied

    compiling samples.....

    Generating compiled samples jar.....

    Cleaning up.....

    Generating javadocs.....

    Build complete.....

    D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>goto EOF

    D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>run.bat com.vmware.sso.client.samples.AcquireHoKTokenByUserCredentialSample https://vc001.greg.labs:7444/ims/STSService administrator@vsphere.local VMware1!

    JAVAHOME not defined. Must be defined to run java apps.

    Done.

    D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>set JAVAHOME=C:\Program Files\Java\jdk1.8.0_251

    D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS>run.bat com.vmware.sso.client.samples.AcquireHoKTokenByUserCredentialSample https://vc001.greg.labs:7444/ims/STSService administrator@vsphere.local VMware1!

    Aquiring a HoK token by using user credentials, use the pre-generated private key and certificate

    Loading X509 Certificate from D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\java\JAXWS/cert/sdk.crt...

    Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 500: null

            at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.createResponsePacket(HttpTransportPipe.java:266)

            at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:217)

            at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:130)

            at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:124)

            at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:1121)

            at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:1035)

            at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:1004)

            at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:862)

            at com.sun.xml.internal.ws.client.Stub.process(Stub.java:448)

            at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:178)

            at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:93)

            at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:77)

            at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:147)

            at com.sun.proxy.$Proxy39.issue(Unknown Source)

            at com.vmware.sso.client.samples.AcquireHoKTokenByUserCredentialSample.getToken(AcquireHoKTokenByUserCredentialSample.java:234)

            at com.vmware.sso.client.samples.AcquireHoKTokenByUserCredentialSample.main(AcquireHoKTokenByUserCredentialSample.java:282)

    Done.

    Any idea what went wrong, or what is the proper way to obtain the HoK token?

    If I open the URL https://vc001.greg.labs:7444/ims/STSService in a browser, I also get internal server error 500.

    I also tried the dotnet version, with the same result.

    :\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\AcquireHoKTokenByHoKTokenSample\bin\Debug>AcquireHoKTokenByUserCredentialSample.exe  https://vc001.greg.labs:7444/ims/STSService administrator@vsphere.local VMware1!

    System.ServiceModel.ProtocolException: Typ zawartości text/html;charset=utf-8 komunikatu odpowiedzi nie zgadza się z typem zawartości powiązania (text/xml; charset=utf-8). Jeśli używasz niestandardowego kodera, upewnij się, czy metoda IsContentTypeSupported jest zaimplementowana poprawnie. Pierwsze 820 bajtów odpowiedzi to: "<!doctype html><html lang="en"><head><title>HTTP Status 500 - Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 - Internal Server Error</h1></body></html>". ---> System.Net.WebException: Serwer zdalny zwrócił błąd: (500) Wewnętrzny błąd serwera.

       w System.Net.HttpWebRequest.GetResponse()

       w System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

       --- Koniec śladu stosu wyjątków wewnętrznych ---

    Server stack trace:

       w System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)

       w System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

       w System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

       w System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)

       w System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

       w System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

       w System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:

       w System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

       w System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

       w vmware.sso.STSService_PortType.Issue(IssueRequest request)

       w vmware.sso.STSService_PortTypeClient.vmware.sso.STSService_PortType.Issue(IssueRequest request)

       w vmware.sso.STSService_PortTypeClient.Issue(RequestSecurityTokenType RequestSecurityToken)

       w AcquireHoKTokenByUserCredentialSample.AcquireHoKTokenByUserCredential.GetToken(String[] args) w D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\AcquireHoKTokenByUserCredentialSample\AcquireHoKTokenByUserCredential.cs:wiersz 107

    Wyjątek nieobsłużony: System.ServiceModel.ProtocolException: Typ zawartości text/html;charset=utf-8 komunikatu odpowiedzi nie zgadza się z typem zawartości powiązania (text/xml; charset=utf-8). Jeśli używasz niestandardowego kodera, upewnij się, czy metoda IsContentTypeSupported jest zaimplementowana poprawnie. Pierwsze 820 bajtów odpowiedzi to: "<!doctype html><html lang="en"><head><title>HTTP Status 500 - Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 - Internal Server Error</h1></body></html>". ---> System.Net.WebException: Serwer zdalny zwrócił błąd: (500) Wewnętrzny błąd serwera.

       w System.Net.HttpWebRequest.GetResponse()

       w System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

       --- Koniec śladu stosu wyjątków wewnętrznych ---

    Server stack trace:

       w System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)

       w System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

       w System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

       w System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)

       w System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

       w System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

       w System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:

       w AcquireHoKTokenByUserCredentialSample.AcquireHoKTokenByUserCredential.GetToken(String[] args) w D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\AcquireHoKTokenByUserCredentialSample\AcquireHoKTokenByUserCredential.cs:wiersz 119

       w AcquireHoKTokenByUserCredentialSample.AcquireHoKTokenByUserCredential.Main(String[] args) w D:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\AcquireHoKTokenByUserCredentialSample\AcquireHoKTokenByUserCredential.cs:wiersz 151



  • 2.  RE: vRO REST HoK acquiring token
    Best Answer

    Broadcom Employee
    Posted Apr 22, 2020 05:02 PM

    Hi,

    I'm not sure that https://vc001.greg.labs:7444/ims/STSService is a correct URL to STS service (at least for versions newer than 5.1).

    Could you try with https://vc001.greg.labs:7444/sts/STSService instead?



  • 3.  RE: vRO REST HoK acquiring token

    Posted Apr 22, 2020 07:42 PM

    Once again, Ilian, you are spot on! I thought I had something wrong with the URL, but I did not know which part was wrong :/ I just used the one from the WSDL URL template

    https://localhost:8444/ims/STSService

    and just changed my hostname and port to 7444.

    I also tried to look for it via lookupservice https://vc001.greg.labs/lookupservice/mob?moid=ServiceRegistration&method=List but could not find anything, clearly that's the wrong lead.

    Any idea how one can check this on one's own: where is this STSService registered?

    Again, I can't stress it enough, I am so grateful for your help! I spent half a day today on this...

    thank you soooo much



  • 4.  RE: vRO REST HoK acquiring token

    Broadcom Employee
    Posted May 07, 2020 07:29 AM

    What do you mean by 'could not find anything'? All services' registration information is discoverable via lookup service and visible in its MOB, including STS.



  • 5.  RE: vRO REST HoK acquiring token

    Posted May 07, 2020 09:22 AM

    I mean that I thought I would find the correct port there, but I could not find it.



  • 6.  RE: vRO REST HoK acquiring token

    Broadcom Employee
    Posted May 07, 2020 09:42 AM

    All registrations should be there.

    What URL do you see registered for endpoint type com.vmware.cis.cs.identity.sso? Whatever URL is registered for this endpoint type, it should be valid.



  • 7.  RE: vRO REST HoK acquiring token

    Posted May 08, 2020 02:35 PM

    I have https://vc001.greg.labs/sts/STSService/vsphere.local under that node.

    It's just that I was searching for 7444; that's what I meant by 'not finding it'. I was counting on just finding it via port name.



  • 8.  RE: vRO REST HoK acquiring token

    Broadcom Employee
    Posted May 08, 2020 03:22 PM

    Port numbers may change depending on vCenter version.

    Could you check whether your code works if you don't specify the port 7444 explicitly (in this case, it should use the port 443 which is the default port for HTTPS)?



  • 9.  RE: vRO REST HoK acquiring token

    Posted May 18, 2020 08:59 AM

    Will check and report back (had to swap computers and need to install the SDK again).



  • 10.  RE: vRO REST HoK acquiring token

    Posted Jun 16, 2020 03:23 AM
    Hi! Did you get the hok token in the way you described here? Thank you so much!
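
The lookup discussed in posts 6 to 8, as an added example that is not part of the original thread or of the VMware SDK: select the registered STS URL by endpoint type instead of searching for a port number, then show which parts of a hand-built URL differ from it. The XML layout, the element names and the second endpoint type are constructed assumptions for illustration, not the lookup service's real response format; the URLs and the endpoint type `com.vmware.cis.cs.identity.sso` are the ones quoted in the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Endpoint type named in the thread for the SSO/STS registration.
STS_ENDPOINT_TYPE = "com.vmware.cis.cs.identity.sso"

# Constructed sample: a simplified stand-in for registration data copied out of
# the lookup service. Element names are assumptions, not the real schema, and
# com.example.other.service is a hypothetical second registration.
SAMPLE_REGISTRATIONS = """
<registrations>
  <service>
    <endpoint>
      <type>com.vmware.cis.cs.identity.sso</type>
      <url>https://vc001.greg.labs/sts/STSService/vsphere.local</url>
    </endpoint>
  </service>
  <service>
    <endpoint>
      <type>com.example.other.service</type>
      <url>https://vc001.greg.labs/other/sdk</url>
    </endpoint>
  </service>
</registrations>
"""

DEFAULT_PORTS = {"https": 443, "http": 80}

def registered_urls(xml_text, endpoint_type):
    """Return every URL registered for endpoint_type; the port plays no role."""
    root = ET.fromstring(xml_text)
    return [ep.findtext("url", "").strip() for ep in root.iter("endpoint")
            if ep.findtext("type", "").strip() == endpoint_type]

def url_parts(url):
    """Split a URL and make an implicit default port explicit for comparison."""
    u = urlsplit(url)
    return {"scheme": u.scheme, "host": u.hostname,
            "port": u.port or DEFAULT_PORTS.get(u.scheme), "path": u.path}

def diff_against_registered(candidate, registered):
    """Map each differing URL component to (candidate value, registered value)."""
    c, r = url_parts(candidate), url_parts(registered)
    return {k: (c[k], r[k]) for k in c if c[k] != r[k]}

if __name__ == "__main__":
    sts = registered_urls(SAMPLE_REGISTRATIONS, STS_ENDPOINT_TYPE)[0]
    print(diff_against_registered("https://vc001.greg.labs:7444/ims/STSService", sts))
```

An empty result from `diff_against_registered` means the URL passed to the SDK sample matches the registration once the default HTTPS port is taken into account.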