1 Reply Latest reply on May 1, 2020 1:03 PM by mathiel

    Smart Card Authentication / SSO Errors VCSA 6.5

    twilcox728 Novice

I'm trying to set up smart card authentication for the VCSA 6.5. I set up the reverse proxy cert store and imported all my certs. It's on the domain.


When I choose smart card authentication at the web client, I choose my cert, and it fails with:


400 An error occurred while processing the authentication response from the vCenter Single Sign-On server.
      Details: Status: urn.oasis:names:tc:SAML:2.0:status:Responder,sub status, null.


      In the SSO logs (vmware-sts-idmd.log) it shows the following:

      [2017-03-08T15:36:15.527Z vsphere.local        2e988764-0f42-4480-855b-85dcbdca00ef WARN ] [ActiveDirectoryProvider] obtainDcInfo for domain [my domain] failed Native platform error [code: 9502][DNS_ERROR_BAD_PACKET][A bad packet was received from a DNS server. Potentially the requested address does not exist.]

      [2017-03-08T15:36:15.528Z vsphere.local        2e988764-0f42-4480-855b-85dcbdca00ef ERROR] [IdentityManager] Failed to get attributes for principal [my CAC ID] in tenant [vsphere.local]

      [2017-03-08T15:36:15.528Z vsphere.local        2e988764-0f42-4480-855b-85dcbdca00ef ERROR] [ServerUtils] Exception 'java.lang.NullPointerException'


Reverse lookup isn't configured for our domain (no exceptions), so I tried adding the DCs to the host file on the appliance with no luck.


I also tried adding an identity source so it doesn't search the whole forest and only our DCs, but that also keeps failing.
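As an added triage example (not code from the original post, and not VMware's own tooling): a small Python script that parses vmware-sts-idmd.log lines in the layout quoted above, groups them by the correlation id in the third field, and flags requests where the obtainDcInfo DNS failure precedes the "Failed to get attributes for principal" error and the NullPointerException. The sample log lines, the domain, correlation ids and principal names are constructed; the regexes assume the field order shown in the post (timestamp, tenant, correlation id, level, component, message).

```python
import re
from collections import defaultdict

# Constructed sample modelled on the vmware-sts-idmd.log lines quoted in the post.
# Domain, correlation ids and principal names are made up.
SAMPLE_LOG = """\
[2017-03-08T15:36:15.527Z vsphere.local        2e988764-0f42-4480-855b-85dcbdca00ef WARN ] [ActiveDirectoryProvider] obtainDcInfo for domain [example.test] failed Native platform error [code: 9502][DNS_ERROR_BAD_PACKET][A bad packet was received from a DNS server. Potentially the requested address does not exist.]
[2017-03-08T15:36:15.528Z vsphere.local        2e988764-0f42-4480-855b-85dcbdca00ef ERROR] [IdentityManager] Failed to get attributes for principal [1234567890@example.test] in tenant [vsphere.local]
[2017-03-08T15:36:15.528Z vsphere.local        2e988764-0f42-4480-855b-85dcbdca00ef ERROR] [ServerUtils] Exception 'java.lang.NullPointerException'
[2017-03-08T15:40:02.001Z vsphere.local        7b1c0d2e-aaaa-bbbb-cccc-111122223333 INFO ] [IdentityManager] Authentication succeeded for principal [alice@example.test] in tenant [vsphere.local]
"""

# Field layout assumed from the quoted lines: [ts tenant correlation-id LEVEL] [Component] message
LINE_RE = re.compile(
    r"^\[(?P<ts>\S+)\s+(?P<tenant>\S+)\s+(?P<cid>[0-9a-fA-F-]{36})\s+"
    r"(?P<level>[A-Z]+)\s*\]\s+\[(?P<component>[^\]]+)\]\s+(?P<msg>.*)$"
)
# Domain controller lookup failure with the native error code and symbolic name
DC_FAIL_RE = re.compile(
    r"obtainDcInfo for domain \[(?P<domain>[^\]]+)\] failed .*?"
    r"\[code: (?P<code>\d+)\]\[(?P<name>[A-Z0-9_]+)\]"
)
PRINCIPAL_RE = re.compile(r"Failed to get attributes for principal \[(?P<principal>[^\]]+)\]")
NPE_MARK = "java.lang.NullPointerException"


def parse_line(line):
    """Split one idmd log line into its fields; returns None for lines that don't match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def diagnose(log_text):
    """Group records by correlation id and report requests where a DC lookup (DNS)
    failure is followed by a principal attribute failure, the chain shown in the post."""
    by_cid = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec:
            by_cid[rec["cid"]].append(rec)

    findings = []
    for cid, recs in by_cid.items():
        dc_fail = principal = None
        npe = False
        for rec in recs:
            msg = rec["msg"]
            m = DC_FAIL_RE.search(msg)
            if m:
                dc_fail = m.groupdict()
            m = PRINCIPAL_RE.search(msg)
            if m:
                principal = m.group("principal")
            if NPE_MARK in msg:
                npe = True
        if dc_fail and principal:
            findings.append({
                "cid": cid,
                "domain": dc_fail["domain"],
                "code": int(dc_fail["code"]),
                "error_name": dc_fail["name"],
                "principal": principal,
                "npe": npe,
                # Heuristic verdict: the attribute lookup cannot succeed if the DC
                # lookup that precedes it already failed, so DNS/DC resolution
                # from the appliance is the first thing to check.
                "verdict": "DC lookup via DNS failed before the principal attribute "
                           "lookup; verify DNS/DC resolution from the appliance first",
            })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f"{f['cid']}: {f['error_name']} ({f['code']}) for domain {f['domain']} "
              f"-> principal {f['principal']} failed; NPE={f['npe']}")
```

Run it against a real vmware-sts-idmd.log by reading the file into `diagnose()`; correlating on the id rather than on timestamps keeps unrelated requests logged in the same second from being mixed together.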