VMware

Troubleshooting Orchestrator Workflow Failures in Aria Automation Service Broker

Leave a comment

Workaround for Aria Automation REST API Authentication Issues in Orchestrator Extensibility Subscriptions

In a recent development project involving an Extensibility Subscription workflow in Orchestrator, we encountered issues with the Aria Automation CMX REST API authentication when the workflow was invoked from the Aria Automation Service Broker. The resulting error message was “The default Aria Automation host authentication configuration for the session mode is ‘Per User Session’. This leverages the permissions of the account that calls the workflow for authorization in the REST call.”

The root cause of this issue lies in the fact that when an Orchestrator workflow is called from Service Broker, it is executed under the context of the vro-gateway-* user, instead of the requesting user account. This means that the REST call does not have the necessary permissions to collect all information from Aria Automation, leading to the authentication failure.

To resolve this issue, we can use a workflow-level variable to store the requesting user account and pass it as a parameter to the REST API call. This way, we can ensure that the correct user account is used for authentication, avoiding any permission issues.

Here’s the steps to implement this workaround:

1. Create a new workflow-level variable in Orchestrator to store the requesting user account. You can do this by going to the “Variables” tab in the Workflow Designer and clicking the “Add Variable” button.

2. Set the data type of the variable to “User Account”.

3. In the workflow, use the “Get Request User” activity to retrieve the current user account. This activity can be found under the “Web Services” category in the Activity Library.

4. Assign the result of the “Get Request User” activity to the newly created workflow-level variable.

5. In the REST API call, pass the value of the workflow-level variable as a parameter for authentication. This can be done by modifying the REST API call activity to use the variable instead of hardcoding the user account information.

By implementing this workaround, we can ensure that the correct user account is used for authentication when invoking the Extensibility Subscription workflow from the Aria Automation Service Broker. This will resolve the authentication issues and allow the workflow to successfully collect information from Aria Automation.

In conclusion, this blog post has discussed a workaround for Aria Automation REST API authentication issues in Orchestrator Extensibility Subscriptions. By using a workflow-level variable to store the requesting user account and passing it as a parameter to the REST API call, we can ensure that the correct user account is used for authentication, avoiding any permission issues. This solution will help developers resolve similar issues in their own projects and improve the overall functionality of their Orchestrator workflows.

Leave a Reply