Our vCenter 6.7 appliance has been running fine for a few months. Since today, though, SSO users can't log in.
(SSO identity source is LDAP, which seems to be running OK)
When I try to investigate:
- I can log in to the server on port 5480 as Administrator@vsphere.local OK, and the dashboard for SSO only says 'vsphere.local' and Status 'Running', and no options to edit.
- But when I try to log in to the vSphere UI as Administrator@vsphere.local to check if I have lost my SSO settings, I get this error:
A server error occurred.
 An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: Status: urn:oasis:names:tc:SAML:2.0:status:Responder, sub status: urn:oasis:names:tc:SAML:2.0:status:RequestDenied.
Check the vSphere Web Client server logs for details.
Shouldn't I be able to log in as the local administrator, even without an SSO service? What am I doing wrong?
I can log in to the appliance as root via SSH, but I'm not sure which are the relevant logs.
Can you try to SSH to the vCenter and see what log entries we have in the below log files?
Reproduce the issue and note the timestamp to find relevant log entries.
In these files we can find some details.
Thanks for the responses. The problem has resolved itself after the following, although I'm not sure any addressed the root cause.
I'll investigate further, and if the problem recurs, I'll start looking with these suggested log files.