VMware Verify uses a cloud service (Authy) to provide its functionality. If you have a cloud hosted VIDM, your VMware Verify authentication adapter (MFAAdapter) comes pre-configured. On the other hand, with on-premise VIDM, you are required to obtain a token from VMware support to enable the feature.
I found myself in a situation where the incorrect token was provided, and it needed to be replaced with a different one. Unfortunately, once you enter the token in the UI and hit save, there is no easy way to clear it out and enter a different one.
The solution is to make an API call and delete the configuration for the MFAAdapter.
In this walkthrough I’ll be using the Postman app to make the API calls. The VIDM version used in this example is 3.3.
The first step will be validate that we can authenticate and retrieve the current configuration using the GET command. You’ll need to login to the VIDM web admin console (https://fqdn-of-vidm/SAAS/login/0) so we can obtain the value of the HZN cookie.
We’ll use Chrome as the example, but you can likely obtain the value in other browsers following a similar process.
Launch Postman and create a basic request.
Change the request type to GET
Enter the URL as https://fqdn_of_vidm/SAAS/jersey/manager/api/mfa/
Open Google Chrome, and login to the VIDM admin interface using the credentials for the built-in “admin” account.
Open the “Developer Tools” menu (F12 on a Windows PC)
Select “Application” and then expand the “Cookies” section.
Click on the URL that corresponds to the VIDM you logged into.
On the right side, copy the value of the HZN cookie to the clipboard.
Back to Postman. You should still be on the headers page. In the first row, type in “Authorization” as the key. For the value, enter HZN and paste the value that you copied to your clipboard (note the space in-between)
You should receive a reply that contains the VMware Verify key that you previously entered in the admin interface. If you receive an error, you may need to disable SSL certificate validation within the Postman app as I did in the lab environment.
Important: Before issuing any delete commands, make sure you have a backup of the VIDM appliances and database!
When you are ready, change the GET to DELETE and click send.
You’ll notice that the output looks the same as before. Don’t worry, that’s expected.
Go back to the VIDM admin console and pull up the settings for the VMware Verify authentication adapter. The field for the Security token is back and ready for proper configuration!