Unauthorized (401) error when logging in to vCloud tenant

Hello there,

I have configured Okta OIDC with vCloud Director. I have a problem logging in to the tenant portal. It throws the error below:

Problem accessing /login/oauth. Reason:


However, the Okta system log shows that the "OIDC access token is granted success". Could you suggest how to resolve this error?

Do you happen to know how vCloud Director validates the token? I’m wondering if the validation they are doing is failing, resulting in the user being considered unauthorized based on the token they received.

Either the token doesn’t contain certain expected/required information for this integration, or, another possibility, the token validation itself isn’t working due to limitations such as this one: Signature Validation Failed on Access Token | Okta Help Center

I don't have any idea how vCloud Director validates the token. I had configured Okta OIDC with a different vCloud version before. I am not sure why there is a problem this time. Do I need to enable/disable a specific option in Okta to check whether it works or not?

Just a thought. I have the same Okta account (same user email) configured with 2 different applications, and each application was integrated with 2 different vCloud versions. Will that make any difference here? Should we have a dedicated user and app for every vCloud or any other app?

No settings that I can think of on our side. If the integration has worked before, could there be something different about how this one is configured?

And it's hard to say if multiple apps/vCloud versions would cause this behavior. Are you able to get more information from the vendor about what’s causing this error?

As far as I know, the configuration settings were exactly the same for those two setups. I haven’t checked with the vCloud team yet.

Not sure if you managed to solve this.
This error occurs when the claims mapping between vCD and Okta is incorrect.
Make sure that you have the subject mapped correctly.