Single Sign-On (SSO) Open LDAP authentication fails with the error: Parsing Subject Failed


Article ID: 305675


Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Signing in to vCenter Server using Open LDAP credentials with Single Sign-On using a username containing special characters fails with the error:

    Parsing Subject Failed

  • In the vpxd.log file, you see errors similar to:

    YYYY-10-25T09:27:06.627-07:00 [05140 info '[SSO]' opID=88FF974F-00000004-b4] [UserDirectorySso] Authenticate([email protected], "not shown")
    YYYY-10-25T09:27:07.518-07:00 [05140 error '[SSO]' opID=88FF974F-00000004-b4] [UserDirectorySso] AcquireToken SsoException: Failed to parse the UPN NameID: [email protected]
    YYYY-10-25T09:27:07.518-07:00 [05140 error 'authvpxdUser' opID=88FF974F-00000004-b4] Failed to authenticate user [email protected]


Environment

VMware vCenter Server 5.1.x

Cause

This issue occurs because Single Sign-On does not currently authenticate usernames which contain these special characters:
  • ^
  • *
  • $
  • ;
  • "
  • )
  • <
  • >
  • &
  • |
  • @

Resolution

This is a known issue affecting vCenter Server 5.1.
This issue is resolved in vCenter Server 5.5 for all characters, except @. You can download the latest release from the VMware Download Center.

To work around this issue when you are unable to upgrade, avoid using special characters in the username format for OpenLDAP if possible.
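To identify which accounts are hitting this issue, the following added example (not VMware code) scans vpxd.log lines for the parse error shown in Symptoms and checks each username against the character list in Cause. It assumes the NameID has the form user@domain with the domain after the last @; the sample log lines, usernames, domain and opIDs are constructed.

```python
import re

# Characters vCenter SSO 5.1 cannot parse in a username, per this article.
BLOCKED_51 = set('^*$;")<>&|@')
# vCenter Server 5.5 resolves the issue for every listed character except '@'.
BLOCKED_55 = {"@"}

# Matches the AcquireToken error line shown in the Symptoms section.
PARSE_FAIL = re.compile(
    r"opID=(?P<opid>[^\]\s]+)\].*Failed to parse the UPN NameID: (?P<upn>\S+)")


def audit_username(name):
    """Return the listed characters present in a bare username, per release."""
    found = sorted(set(name) & BLOCKED_51)
    return {"username": name, "fails_on_5.1": found,
            "fails_on_5.5": [c for c in found if c in BLOCKED_55]}


def triage_vpxd_log(lines):
    """Find UPN parse failures and explain each from the username's characters."""
    hits = []
    for line in lines:
        m = PARSE_FAIL.search(line)
        if not m:
            continue
        # Assumption: NameID is user@domain, so the domain follows the last '@'.
        local, sep, domain = m["upn"].rpartition("@")
        if not sep:  # no '@' at all: treat the whole value as the username
            local, domain = m["upn"], ""
        hits.append({"opid": m["opid"], "domain": domain, **audit_username(local)})
    return hits


# Constructed sample lines in the vpxd.log layout quoted in Symptoms.
SAMPLE_LOG = [
    "2013-10-25T09:27:06.627-07:00 [05140 info '[SSO]' opID=AAAA0001-00000004-b4] "
    "[UserDirectorySso] Authenticate(jsmith@example.local, \"not shown\")",
    "2013-10-25T09:27:07.518-07:00 [05140 error '[SSO]' opID=AAAA0002-00000004-b4] "
    "[UserDirectorySso] AcquireToken SsoException: "
    "Failed to parse the UPN NameID: ops&backup@example.local",
    "2013-10-25T09:28:11.102-07:00 [05140 error '[SSO]' opID=AAAA0003-00000004-b4] "
    "[UserDirectorySso] AcquireToken SsoException: "
    "Failed to parse the UPN NameID: a.lee@lab@example.local",
]

if __name__ == "__main__":
    for hit in triage_vpxd_log(SAMPLE_LOG):
        state = "still fails on 5.5" if hit["fails_on_5.5"] else "resolved in 5.5"
        print(f'{hit["opid"]} {hit["username"]}: {"".join(hit["fails_on_5.1"])} ({state})')
```

Accounts reported as resolved in 5.5 can be fixed by upgrading; those containing @ need the username changed on either release.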


Additional Information

Logging in to vCenter Server 5.1 using the vSphere Web Client as an AD user fails with the error: A general system error occurred: not well-formed (invalid token)