Failed to setup SSO source, reason: Auth Exception occurred : 'Solution user detail' certificate is invalid - certificateException java.security.cert.CertificateExpiredException when trying to add vCenter to Aria Operations SSO auth
search cancel

Failed to setup SSO source, reason: Auth Exception occurred : 'Solution user detail' certificate is invalid - certificateException java.security.cert.CertificateExpiredException when trying to add vCenter to Aria Operations SSO auth

book

Article ID: 308351

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

When trying to add SSO SAML vCenter Identity source. test connection is successful but when we try to apply, we get Error: 
Failed to setup SSO source, reason: Auth Exception occurred : 'Solution user detail' certificate is invalid - certificateException java.security.cert.CertificateExpiredException: NotAfter: WeekDay MM DD HH:MM:SS UTC YYYY

vcops-bridge.log
ERROR [ServerConnection on port 10000 Thread 1967] com.vmware.vcops.bridge.server.BridgeTracerAspect.processBridgeResult - Failed to setup SSO source, reason: Auth Exception occurred : 'Solution user detail' certificate is invalid - certificateException java.security.cert.CertificateExpiredException: NotAfter: WeekDay MM DD HH:MM:SS UTC YYYY
ERROR [ServerConnection on port 10000 Thread 1967] com.vmware.vcops.bridge.server.BridgeTracerAspect.processBridgeResult - SessionId: e4a88a55-xxxx-xxxx-xxxx-6722ca6d6a25::6a6ec47b-xxxx-xxxx-xxxx-5d5d9cfd4d93; UserId: e4a88a55-xxxx-xxxx-xxxx-6722ca6d6a25; UserName: admin
 Function addSSOSource execution takes 1436

Environment

VMware Aria Operations 8.x

Resolution

To resolve the issue, please follow the below steps after taking snapshots of the Aria Operations node 

Make sure the cluster is in an offline state before proceeding.

  • Navigate to the SSL Directory:

    • Go to the following directory:
      cd /data/vcops/user/conf/ssl

  • Backup the Current Certificates:

    • Run the following commands to back up the existing certificates: 
      mv cluster_cert.pem cluster_cert.pem.bak 
mv cluster_key.pem cluster_key.pem.bak

  • Navigate to the Slice Configuration Directory:

    • Go to the following directory:
      cd /usr/lib/vmware-vcopssuite/utilities/sliceConfiguration/bin

  • Run the Python Command:

    • Execute the following command to create a self-signed certificate:
      $VMWARE_PYTHON_BIN -c "import vcopsPlatformCertUtil; vcopsPlatformCertUtil.createSelfSignedCertificate('/data/vcops/user/conf/ssl')"

  • Change Ownership of the New Certificates:

    • Return to the /data/vcops/user/conf/ssl directory.
      cd /data/vcops/user/conf/ssl
    • Update the ownership of the newly created certificates by running the following commands: 
      chown admin:admin cluster_cert.pem
chown admin:admin cluster_key.pem

Bring the cluster back online and retry adding SSO authentication source. 

Additional Information

Impact/Risks:
Take a snapshot of the nodes with cluster being in offline state.

Powered by Wolken Software