The following error is encountered when trying to update SDDC:
Retrieving all scheduled and in-progress bundles failed. Unable to retrieve aggregated LCM bundles: Encountered error requesting http://127.0.0.1/v1/upgrades api - Encountered error requesting http://127.0.0.1/v1/upgrades api - Encountered error trying to refresh public api access token using refresh token: Cannot read property 'id' of undefined
/var/log/vmware/vcf/commonsvcs/vcf-commonsvcs.log
======================================================================================
2022-07-12T14:36:03.938+0000 ERROR [common,9b73587bba4741e8,38a7] [c.v.e.s.i.s.services.PscServiceImpl,http-nio-127.0.0.1-7100-exec-3] Unable to fetch user & groups from saml token
java.lang.RuntimeException: The SAML token signature validation failed!
at com.vmware.evo.sddc.identity.sso.services.PscServiceImpl.validateSamlToken(PscServiceImpl.java:481)
at com.vmware.evo.sddc.identity.sso.services.PscServiceImpl.getSamlMetaData(PscServiceImpl.java:440)
at com.vmware.evo.sddc.identity.services.IdentityServiceImpl.getTokenPair(IdentityServiceImpl.java:115)
at com.vmware.evo.sddc.identity.rest.api.controller.v1.TokenController.createToken(TokenController.java:72)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
There are multiple STS certificates in the vCenter's SSO domain; the additional STS certificate is generally from a linked Cloud vCenter. VCF uses only the last certificate to validate the SAML token, so when VCF validates a token issued by the other STS it treats the signing certificate as untrusted, which causes the error in SDDC.
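The cause described above, as an added example that is not VCF code: two RSA keys stand in for the two STS signing certificates in the SSO domain, a token issued by the local vCenter's STS is rejected when only the last certificate is consulted, and accepted when every trusted STS certificate is checked. Certificate names, key material and the assertion bytes are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// stsCert stands in for one STS signing certificate in the SSO domain (constructed type, not VCF's).
type stsCert struct {
	Name string
	Pub  *rsa.PublicKey
}

// issueToken signs the assertion bytes as an STS would (RSA PKCS#1 v1.5 over SHA-256).
func issueToken(sts *rsa.PrivateKey, assertion []byte) ([]byte, error) {
	h := sha256.Sum256(assertion)
	return rsa.SignPKCS1v15(rand.Reader, sts, crypto.SHA256, h[:])
}

// validateLastCertOnly mirrors the failure mode in the KB: only the last STS certificate
// in the domain is consulted, so a token issued by any other STS is rejected as untrusted.
func validateLastCertOnly(certs []stsCert, assertion, sig []byte) error {
	h := sha256.Sum256(assertion)
	return rsa.VerifyPKCS1v15(certs[len(certs)-1].Pub, crypto.SHA256, h[:], sig)
}

// validateAgainstTrustedCerts accepts the token if it verifies against any trusted STS certificate.
func validateAgainstTrustedCerts(certs []stsCert, assertion, sig []byte) (string, error) {
	h := sha256.Sum256(assertion)
	for _, c := range certs {
		if rsa.VerifyPKCS1v15(c.Pub, crypto.SHA256, h[:], sig) == nil {
			return c.Name, nil
		}
	}
	return "", fmt.Errorf("The SAML token signature validation failed!")
}

func main() {
	local, _ := rsa.GenerateKey(rand.Reader, 2048)  // local vCenter STS (constructed)
	linked, _ := rsa.GenerateKey(rand.Reader, 2048) // linked Cloud vCenter STS (constructed)
	certs := []stsCert{{"local-vcenter-sts", &local.PublicKey}, {"linked-cloud-vcenter-sts", &linked.PublicKey}}
	assertion := []byte("<saml:Assertion>constructed sample</saml:Assertion>")
	sig, _ := issueToken(local, assertion)
	fmt.Println("last cert only:", validateLastCertOnly(certs, assertion, sig))
	name, err := validateAgainstTrustedCerts(certs, assertion, sig)
	fmt.Println("all trusted certs:", name, err)
}
```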
Refer to the following KB to check the existing STS certs:
Checking Expiration of STS Certificate on vCenter Servers
This issue is resolved in SDDC 4.5.