vCenter services restart will fail when ADFS is configured from SDDC Manager UI.

Article ID: 311999

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

This article publicly documents the behavior for users.

Symptoms:
Critical vCenter services such as vmware-vpxd fail to restart with the following error after ADFS is configured from the SDDC Manager UI.

From vpxd-svcs.log

2023-03-01T12:23:38.174-03:00 [main ERROR com.vmware.vim.vcauthenticate.servlets.AuthenticationHelper opId=] Hit ServiceCommunicationException while fetching admin group for the SSO Admin user : [email protected]
com.vmware.cis.server.ssoauthentication.exception.ServiceCommunicationException: java.lang.IllegalArgumentException: 'friendlyName' value should not be empty
        at com.vmware.cis.server.ssoauthentication.impl.RetryAction.execute(RetryAction.java:79)


Environment

VMware Cloud Foundation 4.5.x

Cause

vCenter services were unable to restart because they were expecting a field "name" to not be empty or null in the external IDP configuration.

Resolution

Upgrade to VCF 4.5.1, VCF 5.0 or VCF 5.1

Workaround:

Follow the steps below:

1. Get the token by calling the /v1/tokens API

TOKEN=$(curl -d '{"username" : "[email protected]", "password" : "<password>"}' -H "Content-Type: application/json" -X POST https://<sddc_manager_fqdn>/v1/tokens | jq -r '.accessToken')

2. Call the GET /v1/identity-providers API to get the id of the ADFS configured

> curl 'https://<sddc_manager_fqdn>/v1/identity-providers/' -i -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN"

3. Call the GET /v1/identity-providers/{id} API to get details about the ADFS configured

> curl 'https://<sddc_manager_fqdn>/v1/identity-providers/<ADFSIdpId>' -i -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN"

4. Call the PATCH /v1/identity-providers/{id} API to edit the ADFS configuration and set the "name" field as "Microsoft ADFS"

> curl -d '{"name" : "Microsoft ADFS", "type":"Microsoft ADFS", "certChain":[], "ldap":{...}, "oidc":{...}}' -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" -X PATCH 'https://<sddc_manager_fqdn>/v1/identity-providers/<ADFSIdpId>'

Please refer to the VMware Cloud Foundation API Reference Guide for more details.
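
A pre-flight check for steps 3 and 4 above, as an added example that is not part of the original article or VMware's own tooling: it reports whether the identity-provider object returned in step 3 has an empty "name", and validates a step 4 request body before it is sent. The sample JSON is constructed, and the required key list is an assumption taken from the step 4 example on this page, not from the API schema.

```python
import json

# Keys shown in the step 4 request body on this page (assumed, not the full API schema).
PAGE_BODY_KEYS = ("name", "type", "certChain", "ldap", "oidc")


def name_is_empty(idp):
    """True when the identity-provider object has a missing, null or blank "name"."""
    name = idp.get("name")
    return not isinstance(name, str) or not name.strip()


def check_patch_body(raw):
    """Return a list of problems found in a step 4 request body (empty list = OK)."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at column {exc.colno}"]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    problems = [f'missing key "{k}"' for k in PAGE_BODY_KEYS if k not in body]
    if "name" in body and name_is_empty(body):
        problems.append('"name" is empty, the condition this article describes')
    return problems


# Constructed sample data (not captured from a real SDDC Manager).
SAMPLE_STEP3_RESPONSE = '{"id": "example-idp-id", "name": "", "type": "Microsoft ADFS"}'
SAMPLE_GOOD_BODY = ('{"name": "Microsoft ADFS", "type": "Microsoft ADFS", '
                    '"certChain": [], "ldap": {}, "oidc": {}}')
# A missing quote before type makes this body unparseable.
SAMPLE_BAD_BODY = '{"name": "Microsoft ADFS", type": "Microsoft ADFS"}'

if __name__ == "__main__":
    print("affected:", name_is_empty(json.loads(SAMPLE_STEP3_RESPONSE)))
    for label, raw in (("good", SAMPLE_GOOD_BODY), ("bad", SAMPLE_BAD_BODY)):
        print(label, check_patch_body(raw) or "OK")
```
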