DroboDeveloper
Contributor

Getting java.io.IOException: HTTP response code: 526 when configuring OIDC SSO in VCSA

Hi Guys,

I am trying to configure SSO into VCSA using a third-party IDP provider that supports OIDC. On the last step of the VCSA "Change Identity Provider" wizard I am getting the following error:

[image: DroboDeveloper_1-1623073740181.png]

I'm at a bit of a loss on how to debug this error. What I know so far:

  1. The IDP has a cert signed by a publicly trusted Certificate Authority.
  2. The OIDC settings are all configured correctly.
  3. The LDAP settings are all configured correctly.
  4. The VCSA is net-new. No other Identity Sources configured other than the default System Domain.
  5. VCSA v7.0.2.00100

Any help to pull this over the finish line would be much appreciated.

potato49
Contributor

I'm having this exact same issue after upgrading to VCSA v7.0.2.00100; I have a ticket open with VMware, I'll keep you posted if we come to a resolution on this.

DroboDeveloper
Contributor

Thank you so much, buddy. Very much appreciated.

AlexHarb
Contributor

I have the same issue in 7.0.2.00200.

potato49
Contributor

I was finally able to get this resolved today. It ended up being a cert issue and I had to reissue a new publicly signed machine cert and cert chain.

This guide should work for you if you are using your own internal Microsoft CA: https://www.terataki.net/2020/04/14/add-custom-certificate-to-vcenter-7/

I, unfortunately, was not able to use my Microsoft CA for this and had to request a cert from a public cert provider (we use SSL.com). In vSphere under Administration -> Certificate Management, on the machine SSL cert: Actions -> Generate CSR (I had to provide this to the public cert authority for them to generate the cert). I've read that these certs ARE case sensitive for the hostname listed in your CSR, so be wary of that.

Once I got the cert I was able to go back into cert management in vSphere, select the machine SSL cert -> Actions -> Import and replace cert -> "Replace with external CA certificate where CSR is generated from vCenter Server (private key embedded)". I imported the machine SSL crt file for the machine SSL portion, but for the cert chain I had to open the certs sent to me in Notepad and paste in the cert chain in order (for me it was 1st Trusted network CA, 2nd Root Cert auth RSA, 3rd SSL subCA).

If you have any questions on this or are seeing any errors in this process, feel free to respond to this message and I'd be happy to help. This process was very painful for me working through it with VMware support, so hopefully I can save you some of that time.
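
Since the fix above depended on pasting the CA chain in a particular order, here is a way to see what order a PEM bundle is actually in before importing it (an added example, not part of the thread and not VMware tooling). It uses only the Python standard library; `issuer_subject` and `chain_order` are names invented here, and it compares issuer and subject names only, without verifying signatures.

```python
import base64
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version field
        _, _, end = _tlv(der, end)          # serialNumber follows it
    _, _, pos = _tlv(der, end)              # skip signature algorithm
    _, _, issuer_end = _tlv(der, pos)
    issuer = der[pos:issuer_end]
    _, _, pos = _tlv(der, issuer_end)       # skip validity
    _, _, subject_end = _tlv(der, pos)
    return issuer, der[pos:subject_end]

def chain_order(pem_text):
    """Classify a PEM bundle by how its certificates link by name.

    Returns 'leaf-to-root', 'root-to-leaf', 'unordered', 'single' or 'empty'.
    """
    certs = [issuer_subject(base64.b64decode(b))
             for b in PEM_RE.findall(pem_text)]
    if len(certs) < 2:
        return "single" if certs else "empty"
    pairs = list(zip(certs, certs[1:]))
    if all(a[0] == b[1] for a, b in pairs):  # issuer == next cert's subject
        return "leaf-to-root"
    if all(a[1] == b[0] for a, b in pairs):  # subject == next cert's issuer
        return "root-to-leaf"
    return "unordered"

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:           # path to the PEM bundle
        print(chain_order(fh.read()))
```

An `unordered` result means at least one adjacent pair does not link by name, which is worth fixing in the text editor before retrying the import.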