VMware Cloud Community
venkat1974
Contributor
Contributor
‎09-19-2012 10:34 AM

vCD 5.1 Login Problem

We are encountering this error when tring to access vCloud Director. The error reads : The SAML Authentication failed for this organization.

Sometimes when we refresh this page it works and gets logged into the vCD Portal.

We are upgrding our test environment to vSphere 5.1. We have upgraded to vSphere to 5.1 and have vCD 5.1 Suite.

This seems to be a problem with SSO, has someone seen this error?

0 Kudos
6 Replies
charliejllewell
Enthusiast
Enthusiast
‎09-19-2012 01:02 PM

Do you have anymore detail about the error in the cell logs?

0 Kudos
venkat1974
Contributor
Contributor
‎09-19-2012 09:56 PM

Here is the content of the log file:

Application startup begins: 9/18/12 11:27 AM
Successfully bound network port: 80 on host address: 10.5.77.106
Successfully bound network port: 443 on host address: 10.5.77.106
Successfully connected to database: jdbc:jtds:sqlserver://cabdbsphx001:1433/vcloud;socketTimeout=90
Current locale "en" verified successfully.
Successfully bound network port: 61616 on host address: 10.5.77.106
Successfully bound network port: 61613 on host address: 10.5.77.106
Application Initialization: 5% complete. Subsystem 'com.vmware.vcloud.common-util' started
Application Initialization: 11% complete. Subsystem 'com.vmware.vcloud.api-framework' started
Successfully bound network port: 443 on host address: 10.5.77.116
Application Initialization: 17% complete. Subsystem 'com.vmware.vcloud.consoleproxy' started
Application Initialization: 23% complete. Subsystem 'com.vmware.vcloud.common-vmomi' started
Application Initialization: 29% complete. Subsystem 'com.vmware.vcloud.jax-rs-activator' started
Application Initialization: 35% complete. Subsystem 'com.vmware.pbm.placementengine' started
Application Initialization: 41% complete. Subsystem 'com.vmware.vcloud.vim-proxy' started
Application Initialization: 47% complete. Subsystem 'com.vmware.vcloud.fabric.foundation' started
Application Initialization: 52% complete. Subsystem 'com.vmware.vcloud.fabric.storage' started
Application Initialization: 58% complete. Subsystem 'com.vmware.vcloud.fabric.compute' started
Application Initialization: 64% complete. Subsystem 'com.vmware.vcloud.fabric.net' started
Successfully verified transfer spooling area: /opt/vmware/vcloud-director/data/transfer
Application Initialization: 70% complete. Subsystem 'com.vmware.vcloud.backend-core' started
Application Initialization: 76% complete. Subsystem 'com.vmware.vcloud.ui.configuration' started
Application Initialization: 82% complete. Subsystem 'com.vmware.vcloud.imagetransfer-server' started
Application Initialization: 88% complete. Subsystem 'com.vmware.vcloud.rest-api-handlers' started
Application Initialization: 94% complete. Subsystem 'com.vmware.vcloud.jax-rs-servlet' started
Application Initialization: 100% complete. Subsystem 'com.vmware.vcloud.ui-vcloud-webapp' started
Application Initialization: Complete. Server is ready in 1:40 (minutes:seconds)
Successfully initialized ConfigurationService session factory
Successfully posted pending audit events: com/vmware/vcloud/event/cell/start
Successfully started scheduler
Successfully started remote JMX connector on port 8999
0 Kudos
charliejllewell
Enthusiast
Enthusiast
‎09-22-2012 12:13 AM

Hi this is just the cell startup log. Can you have a look in the vcd log directory for other logs that may hold more information:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=102681...

0 Kudos
BaiG1
Enthusiast
Enthusiast
‎11-22-2012 05:53 PM

i met the same problem, and my vCD SSO used to work but suddenly it is broken.

this log would be ok ?

very appreicate for your reply, thanks

Best Regards

Bai

vcloud-container-debug.log
0 Kudos
Michelle_Laveri
Virtuoso
Virtuoso
‎11-23-2012 02:13 AM

I used to have vCD 5.1 SSO problems like the ones described here. In fact I didn't properly get "Federation" working with vCD until 5.1.1 drop a few weeks ago....

http://communities.vmware.com/people/Mike_Laverick/blog/2012/11/01/part-n-my-vcloud-journey-journal-...

I must say I found SSO much easier to setup on the vCenter Virtual Appliance - it worked even from 5.0. Although I totally appreciate and understand that not everyone can use the VCSA...

Regards

Mike

Regards
Michelle Laverick
@m_laverick
http://www.michellelaverick.com
0 Kudos
IamTHEvilONE
Immortal
Immortal
‎11-27-2012 08:55 AM

BaiG1 - are you sure that all your SSO components have the same time set in the OS?  Your errors seem to be around "org.opensaml.common.SAMLException: SAML response is not yet valid"  this is usually because the response has a timestamp different enough to say that it's too early to be valid.

So I would check for clock skew between vCD/SSO/vCenter/all components.

0 Kudos