Hi All,
I am currently facing the following issue. I have set up a vCenter appliance and have managed to join it to my AD domain and have given a user (me) the administrator permissions. However, when I try to log in to the webui with domain\(username) and the password, it fails. But if I download the "Enhanced Authentication Plugin" on a domain PC logged in as the same domain user and tick "User windows authentication", I can access the webui with that account just fine.
Am I just forgetting to do something?
You will have to look at websso.log and ssoAdminserver.log (/var/log/vmware/sso) to understand the cause.
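A way to pull the login audit records out of websso.log, as an added example that is not part of the original thread: it parses `auditlogger` lines of the kind posted further down, classifies the name format that was presented, and attaches the authentication method logged under the same request id. The line layout and the use of the third bracketed field as a request id are assumptions drawn from the lines in this thread; the sample data is constructed.

```python
import json
import re
import sys

# Constructed sample in the websso.log layout seen in this thread; the names,
# addresses and ids are placeholders, not values from a real system.
SAMPLE_LOG = r"""
[2020-01-01T10:00:00.000Z tomcat-http--1 corr-0001 INFO auditlogger] {"user":"EXAMPLE\\jdoe","client":"192.0.2.10","description":"User EXAMPLE\\jdoe@192.0.2.10 failed to log in with response code 401","type":"com.vmware.sso.LoginFailure"}
[2020-01-01T10:05:00.000Z tomcat-http--2 corr-0002 INFO auditlogger] {"user":"jdoe@EXAMPLE.TEST","client":"192.0.2.11","description":"User jdoe@EXAMPLE.TEST@192.0.2.11 logged in with response code 200","type":"com.vmware.sso.LoginSuccess"}
[2020-01-01T10:05:00.003Z tomcat-http--2 corr-0002 INFO com.vmware.identity.samlservice.AuthnRequestState] authn method KERBEROS session Session [id=_x, authnMethod=KERBEROS, participants=[]]
"""

# Assumed layout: [timestamp thread request-id LEVEL logger] message
LINE_RE = re.compile(
    r"^\[(?P<ts>\S+) (?P<thread>\S+) (?P<corr>\S+) (?P<level>\w+)\s+"
    r"(?P<logger>[^\]]+)\] (?P<msg>.*)$")
METHOD_RE = re.compile(r"authnMethod=(\w+)")


def name_form(user):
    """Classify how the login name was presented to SSO."""
    if "\\" in user:
        return "DOMAIN\\user"
    return "user@domain" if "@" in user else "bare"


def audit_events(text):
    """Return login audit events, each tagged with the authn method (if any)
    that was logged under the same request id."""
    methods, events = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        found = METHOD_RE.search(m["msg"])
        if found:
            methods[m["corr"]] = found.group(1)
        if m["logger"] != "auditlogger":
            continue
        try:
            rec = json.loads(m["msg"])
        except ValueError:
            continue  # truncated or non-JSON audit line
        user = rec.get("user", "")
        events.append({"ts": m["ts"], "corr": m["corr"], "user": user,
                       "form": name_form(user), "client": rec.get("client"),
                       "outcome": rec.get("type", "").rsplit(".", 1)[-1]})
    for e in events:
        e["method"] = methods.get(e["corr"])
    return events


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for e in audit_events(text):
        print(e["ts"], e["outcome"], e["user"], e["form"], e["client"], e["method"])
```

Run it with the path to a copy of websso.log as the only argument; with no argument it prints the events from the constructed sample.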
Hi,
Check the attached document "Platform Services Controller Administration" (pages 29 and 34, "Set the Default Domain for vCenter Single Sign-On")
and page 23 ("Log In to vCenter Server by Using the vSphere Client") of the attached document "vCenter Server and Host Management".
https://www.virten.net/2017/01/how-to-add-ad-authentication-in-vcenter-6-5/
-----
Remember this too:
ARomeo
I followed the first 2 links, which is how I managed to get it joined to the domain and do the permissions; however, no luck logging in. However, if I log onto my domain PC and go to the web UI and click "Use Windows Authentication", it works, but when I type the same details manually it doesn't work. That's what's confusing me, because I know the domain and authentication is working, as I have managed to log in through automatically filling the info using Windows authentication, but when I manually enter a username and password it doesn't work.
Can you post some pictures, please?
This is what I get when I manually try to log in with (domain)\(username) and password:
[2020-03-08T16:30:12.634Z tomcat-http--50 12930ac6-96e6-4628-9d70-03a10e3bb5aa INFO auditlogger] {"user":"WALKERS\\connor.walker","client":"172.16.16.100","timestamp":"03/08/2020 16:30:12 UTC","description":"User WALKERS\\connor.walker@172.16.16.100 failed to log in with response code 401","eventSeverity":"INFO","type":"com.vmware.sso.LoginFailure"}
[2020-03-08T16:30:12.634Z tomcat-http--50 12930ac6-96e6-4628-9d70-03a10e3bb5aa ERROR com.vmware.identity.samlservice.AuthnRequestState] Caught Saml Service Exception from authenticate com.vmware.identity.samlservice.SamlServiceException
[2020-03-08T16:30:12.635Z tomcat-http--50 12930ac6-96e6-4628-9d70-03a10e3bb5aa ERROR com.vmware.identity.BaseSsoController] Sending error to browser. ERROR: 401, message
This is what I get when I log in with the domain PC and select "User Windows Authentication":
020-03-08T16:58:29.562Z tomcat-http--44 834f2c7e-ebb6-4d7b-988b-9e5f9d85d361 INFO com.vmware.identity.SsoController] Server SPN is HTTP/photon-machine.walkers.internal
[2020-03-08T16:58:29.563Z tomcat-http--44 834f2c7e-ebb6-4d7b-988b-9e5f9d85d361 INFO com.vmware.identity.SsoController] Accessing Tenant vsphere.local, brand name string null
[2020-03-08T17:00:01.007Z tomcat-http--50 12930ac6-96e6-4628-9d70-03a10e3bb5aa INFO com.vmware.identity.SsoController] Welcome to SP-initiated AuthnRequest handler! The client locale is en_GB, tenant is vsphere.local
[2020-03-08T17:00:01.008Z tomcat-http--50 12930ac6-96e6-4628-9d70-03a10e3bb5aa INFO com.vmware.identity.SsoController] Request URL is https://172.16.16.161/websso/SAML2/SSO/vsphere.local
[2020-03-08T17:00:01.104Z tomcat-http--50 5d86c6d8-1558-4f48-b7fb-c87856853ee2 INFO com.vmware.identity.samlservice.impl.AuthnRequestStateValidator] Validating SAML AuthnRequest, ID: _13590b797b3db7e058247742c7b213f8
[2020-03-08T17:00:01.116Z tomcat-http--50 5d86c6d8-1558-4f48-b7fb-c87856853ee2 INFO com.vmware.identity.samlservice.impl.AuthnRequestStateValidator] Authn request proxyCount= null set isProxying=false
[2020-03-08T17:00:01.132Z tomcat-http--50 5d86c6d8-1558-4f48-b7fb-c87856853ee2 INFO com.vmware.identity.samlservice.impl.AuthnRequestStateValidator] Authentication request validation succeeded
[2020-03-08T17:00:01.136Z tomcat-http--50 5d86c6d8-1558-4f48-b7fb-c87856853ee2 INFO com.vmware.identity.SsoController] Server SPN is HTTP/photon-machine.walkers.internal
[2020-03-08T17:00:01.137Z tomcat-http--50 5d86c6d8-1558-4f48-b7fb-c87856853ee2 INFO com.vmware.identity.SsoController] Accessing Tenant vsphere.local, brand name string null
[2020-03-08T17:00:38.489Z tomcat-http--18 b301c6f1-bb1f-49e3-bfff-db7d3bb840e2 INFO com.vmware.identity.SsoController] Welcome to SP-initiated AuthnRequest handler! The client locale is en_GB, tenant is vsphere.local
[2020-03-08T17:00:38.489Z tomcat-http--18 b301c6f1-bb1f-49e3-bfff-db7d3bb840e2 INFO com.vmware.identity.SsoController] Request URL is https://172.16.16.161/websso/SAML2/SSO/vsphere.local
[2020-03-08T17:00:38.563Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO com.vmware.identity.samlservice.impl.AuthnRequestStateValidator] Validating SAML AuthnRequest, ID: _13590b797b3db7e058247742c7b213f8
[2020-03-08T17:00:38.574Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO com.vmware.identity.samlservice.impl.AuthnRequestStateValidator] Authn request proxyCount= null set isProxying=false
[2020-03-08T17:00:38.590Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO com.vmware.identity.samlservice.impl.AuthnRequestStateValidator] Authentication request validation succeeded
[2020-03-08T17:00:38.625Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO auditlogger] {"user":"Connor.Walker@WALKERS.INTERNAL","client":"172.16.16.176","timestamp":"03/08/2020 17:00:38 UTC","description":"User Connor.Walker@WALKERS.INTERNAL@172.16.16.176 logged in with response code 200","eventSeverity":"INFO","type":"com.vmware.sso.LoginSuccess"}
[2020-03-08T17:00:38.628Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO com.vmware.identity.samlservice.AuthnRequestState] create token spec for principal {Name: Connor.Walker, Domain: WALKERS.INTERNAL}
[2020-03-08T17:00:38.628Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO com.vmware.identity.samlservice.AuthnRequestState] relying party url https://172.16.16.161/ui/saml/websso/metadata, identityFormat http://schemas.xmlsoap.org/claims/UPN
[2020-03-08T17:00:38.628Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO com.vmware.identity.samlservice.AuthnRequestState] authn method KERBEROS session Session [id=_8c5b1bbdcc12c423f933523af7ba1afa, principalId={Name: Connor.Walker, Domain: WALKERS.INTERNAL}, expireDate=Mon Mar 09 01:00:38 UTC 2020, authnMethod=KERBEROS, logoutRequestData=null, extIDPSessionID=null, participants=[]]
[2020-03-08T17:00:38.628Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO com.vmware.identity.samlservice.AuthnRequestState] inResponseTo _13590b797b3db7e058247742c7b213f8 recipient https://172.16.16.161/ui/saml/websso/sso
[2020-03-08T17:00:38.628Z tomcat-http--18 0a69d4f0-19f8-4872-a8f0-21d479741068 INFO com.vmware.identity.samlservice.AuthnRequestState] audience https://172.16.16.161/ui/saml/websso/metadata
When I click Use Windows Session Authentication, it auto-fills the username and logs me in:
This is what it says when I input the username and password manually:
Hi,
you have to write it in this format: walkers@connor.walker
and don't select "User Windows session...."
ARomeo
Tried this and it just says "Invalid credentials"
Hi,
reset your browser cache and try logging in with the domain "administrator" user.
Administrator@connor.walker
Same message.