cmutchle
Enthusiast

BDE 2.1.1 on vSphere 6.0 not connecting to SSO

Has anyone tried this already? The instructions say to point SSO to the PSC on port 443. The lab environment doesn't seem to like it -- my PSC is external to my vCenter. Everything is on the same VLAN and no firewalls exist between the BDE management server and the vCenter 6.0 appliance.

    [root@88 ~]# /opt/serengeti/sbin/EnableSSOAuth https://psc1.atom.ut1.cpt.adobe.net:443/lookupservice/sdk
    Intializing registration provider...
    Getting SSL certificates for https://psc1.atom.ut1.cpt.adobe.net:443/lookupservice/sdk
    com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
    Return code is: SslHandshakeFailed
    Please check if sso lookup serivce https url is correct, and sso services work normally.
    [root@88 ~]# host psc1.atom.ut1.cpt.adobe.net
    psc1.atom.ut1.cpt.adobe.net has address 10.30.20.86
    [root@88 ~]# ping -c 3 psc1.atom.ut1.cpt.adobe.net
    PING psc1.atom.ut1.cpt.adobe.net (10.30.20.86) 56(84) bytes of data.
    64 bytes from psc1.atom.ut1.cpt.adobe.net (10.30.20.86): icmp_seq=1 ttl=64 time=0.358 ms
    64 bytes from psc1.atom.ut1.cpt.adobe.net (10.30.20.86): icmp_seq=2 ttl=64 time=0.249 ms
    64 bytes from psc1.atom.ut1.cpt.adobe.net (10.30.20.86): icmp_seq=3 ttl=64 time=0.383 ms
    --- psc1.atom.ut1.cpt.adobe.net ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2001ms
    rtt min/avg/max/mdev = 0.249/0.330/0.383/0.058 ms

xiao1307
Contributor

Hi Cmutchle,

Check serengeti.properties under /opt/serengeti/conf to see whether the two lines below have been added:

    sts=https://{sso_server_host}:443/sts/STSService/{sso_domain}
    sts_crts_dir = /opt/serengeti/ssotool/ssoData

The two lines are added automatically after you execute the EnableSSOAuth script, and it will also generate installation.log under /opt/serengeti/ssotool. Please provide me the log file.

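The check requested in the reply above, as an added shell example that is not part of the original thread or of BDE's own tooling: it reads serengeti.properties, accepts both the `key=value` and `key = value` spellings shown in the reply, and flags an `sts` line that is missing, does not follow the https/port 443 form quoted there, or still carries the `{sso_server_host}` / `{sso_domain}` placeholders. The function names, return codes and the sample host and domain in `demo` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not BDE code): sanity-check the two SSO lines in
# serengeti.properties. Function names and return codes are hypothetical.

# prop_value FILE KEY: print the value of KEY (last definition wins),
# accepting "key=value" and "key = value" and trimming trailing blanks.
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# check_sso_props [FILE]
# 0 = both lines present and well formed, 1 = file unreadable or key missing,
# 2 = sts is not https on port 443 under /sts/STSService/,
# 3 = sts still contains an unfilled {placeholder}.
check_sso_props() {
    file=${1:-/opt/serengeti/conf/serengeti.properties}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    sts=$(prop_value "$file" sts)
    crts=$(prop_value "$file" sts_crts_dir)
    if [ -z "$sts" ] || [ -z "$crts" ]; then
        echo "missing sts or sts_crts_dir in $file" >&2
        return 1
    fi
    case $sts in
        *'{'*|*'}'*) echo "sts still has a placeholder: $sts" >&2; return 3 ;;
    esac
    case $sts in
        https://?*:443/sts/STSService/?*) ;;
        *) echo "unexpected sts URL: $sts" >&2; return 2 ;;
    esac
    echo "sts=$sts"
    echo "sts_crts_dir=$crts"
}

# demo: run the check on a constructed sample (host and domain are made up).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'sts=https://psc.example.test:443/sts/STSService/vsphere.local' \
        'sts_crts_dir = /opt/serengeti/ssotool/ssoData' > "$tmp"
    check_sso_props "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

On the management server, source the file and call `check_sso_props` with no argument to read the path given in the reply.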
jessehuvmw
Enthusiast
cmutchle
Enthusiast

Jesse,

Thanks. I found that this morning and found the issue was within the external PSC that I had deployed. For some (unknown) reason there were duplicate entries for every vCenter service. I rebuilt the PSC and vCenter appliances and that sorted things out right away.

Thanks.

--

Chris.
