VMware Cloud Community
xyz20010
VMware Employee

vSphere 7.0: configured ADFS for SSO, but it failed

Hi everyone,

I'm configuring vSphere 7.0 with ADFS for SSO. I followed Bill Hill's video to do it (thanks Bill, it's very useful).

But at the last step, it failed with the error "java.lang.NullPointerException". I checked vCenter's log /var/log/vmware/sso, but found nothing useful.

I know this is a new feature. Would anybody be willing to give me some advice? I'd appreciate it.

Best Regards

James Xie

2 Replies
Dirk-22
Contributor

I get the same error on 7.0.3. 

I also found the error in this log:
/var/log/vmware/trustmanagement/trustmanagement-svcs.log
This is the logging I see even after changing the log level for "log4j.logger.com.vmware.vapi" to debug in /usr/lib/vmware-trustmanagement/config/log4j.properties. It is not clear to me what data is missing in the call.

2022-06-24T08:38:24.025Z [tomcat-exec-9 DEBUG com.vmware.vapi.provider.local.LocalProvider opId=] call to invoke() for service 'com.vmware.vcenter.identity.providers', operation 'create'
2022-06-24T08:38:24.073Z [tomcat-exec-9 INFO com.vmware.vcenter.trustmanagement.impl.VcIdentityProviders opId=] Retrieving metadata from discovery endpoint: https://adfs.test.local/adfs/.well-known/openid-configuration
2022-06-24T08:38:24.177Z [tomcat-exec-9 INFO com.vmware.vcenter.trustmanagement.impl.VcIdentityProviders opId=] Successfully received metadata from https://adfs.test.local/adfs/.well-known/openid-configuration in 104 ms
2022-06-24T08:38:24.196Z [tomcat-exec-9 INFO com.vmware.vcenter.trustmanagement.impl.VcIdentityProviders opId=] Creating VCIdentityProvider: 2e886cc6-6702-4d30-b9f3-091e0a34ef54.
2022-06-24T08:38:24.381Z [tomcat-exec-9 ERROR com.vmware.vcenter.trustmanagement.vapi.impl.VcIdentityProvidersProviderImpl opId=] Error creating VcIdentityProvider object: InvalidArgument (com.vmware.vapi.std.errors.invalid_argument) => {
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
id = com.vmware.vcenter.trustmanagement.invalidargument,
defaultMessage = java.lang.NullPointerException,
args = [java.lang.NullPointerException],
params = <null>,
localized = <null>
}],
data = <null>,
errorType = INVALID_ARGUMENT
}
2022-06-24T08:38:24.381Z [tomcat-exec-9 DEBUG com.vmware.vapi.internal.bindings.ApiMethodSkeleton opId=] Method implementation threw a VMODL2 error
com.vmware.vapi.std.errors.InvalidArgument: InvalidArgument (com.vmware.vapi.std.errors.invalid_argument) => {
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
id = com.vmware.vcenter.trustmanagement.invalidargument,
defaultMessage = java.lang.NullPointerException,
args = [java.lang.NullPointerException],
params = <null>,
localized = <null>
}],
data = <null>,
errorType = INVALID_ARGUMENT
}
at com.vmware.vcenter.trustmanagement.vapi.impl.VcIdentityProvidersProviderImpl.create(VcIdentityProvidersProviderImpl.java:200)
at com.vmware.vcenter.trustmanagement.vapi.impl.VcIdentityProvidersProviderImpl.create(VcIdentityProvidersProviderImpl.java:187)
at com.vmware.vcenter.identity.ProvidersApiInterface$CreateApiMethod.doInvoke(ProvidersApiInterface.java:86)
at com.vmware.vapi.internal.bindings.ApiMethodSkeleton.invoke(ApiMethodSkeleton.java:232)
at com.vmware.vapi.provider.ApiMethodBasedApiInterface.invoke(ApiMethodBasedApiInterface.java:86)
at com.vmware.vapi.provider.local.LocalProvider.invokeMethodInt(LocalProvider.java:399)
at com.vmware.vapi.provider.local.LocalProvider.invoke(LocalProvider.java:270)
at com.vmware.vapi.provider.introspection.ErrorAugmentingFilter.invoke(ErrorAugmentingFilter.java:73)
at com.vmware.vapi.authz.impl.AuthorizationFilter.invoke(AuthorizationFilter.java:232)
at com.vmware.vapi.provider.introspection.ErrorAugmentingFilter.invoke(ErrorAugmentingFilter.java:73)
at com.vmware.vapi.security.AuthenticationFilter$1.setResult(AuthenticationFilter.java:181)
at com.vmware.vapi.security.AuthenticationFilter$1.setResult(AuthenticationFilter.java:165)
at com.vmware.vapi.cis.authn.SamlTokenAuthnHandler.authenticate(SamlTokenAuthnHandler.java:61)
at com.vmware.vapi.security.AuthenticationFilter.invoke(AuthenticationFilter.java:164)
at com.vmware.vapi.protocol.server.msg.json.JsonServerConnection.processApiRequest(JsonServerConnection.java:396)
at com.vmware.vapi.protocol.server.msg.json.JsonServerConnection.requestReceived(JsonServerConnection.java:229)
at com.vmware.vapi.protocol.server.rpc.http.impl.HttpStreamingServlet.doPostImpl(HttpStreamingServlet.java:119)
at com.vmware.vapi.protocol.server.rpc.http.impl.HttpStreamingServlet.doPost(HttpStreamingServlet.java:88)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)

Dirk-22
Contributor

This was probably caused by running a default Windows Server 2016 installation, without updates.
After updating, the ADFS openid-configuration includes the "end_session_endpoint", which is saved in the local LDAP configuration of vCenter.

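A preflight check for the cause identified in this thread, as an added example that is not part of the original posts or VMware's code: it parses an OIDC discovery document and reports missing endpoints such as "end_session_endpoint" before the identity provider is created in vCenter. The endpoint list beyond "end_session_endpoint", the URL paths in the sample documents and the function name are assumptions; the sample documents are constructed.

```python
import json
from urllib.parse import urlparse

# end_session_endpoint is the field this thread found missing. The other keys
# come from the OpenID Connect Discovery spec (assumption: vCenter's exact
# requirements are not stated on this page).
EXPECTED_ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint",
                      "jwks_uri", "end_session_endpoint")

def check_discovery(raw_json, discovery_url):
    """Return a list of problems found in an OIDC discovery document."""
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    for key in EXPECTED_ENDPOINTS:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"missing or empty: {key}")
        elif urlparse(value).scheme != "https":
            problems.append(f"not https: {key}")
    # Discovery spec: issuer + well-known suffix must equal the URL fetched.
    issuer = doc.get("issuer")
    if isinstance(issuer, str) and issuer:
        expected = issuer.rstrip("/") + "/.well-known/openid-configuration"
        if expected != discovery_url:
            problems.append("issuer does not match discovery URL")
    return problems

# Constructed sample documents; host name taken from the log above.
BASE = "https://adfs.test.local/adfs"
URL = BASE + "/.well-known/openid-configuration"
_patched = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/oauth2/authorize/",
    "token_endpoint": BASE + "/oauth2/token/",
    "jwks_uri": BASE + "/discovery/keys",
    "end_session_endpoint": BASE + "/oauth2/logout",
}
PATCHED = json.dumps(_patched)
UNPATCHED = json.dumps({k: v for k, v in _patched.items()
                        if k != "end_session_endpoint"})

if __name__ == "__main__":
    for name, raw in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, check_discovery(raw, URL) or "OK")
```

To check a live server, save the response from the discovery URL shown in the log and pass its text to `check_discovery` together with that URL.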