This is a known issue affecting VMware Cloud Director 10.4.
The issue is resolved in VMware Cloud Director 10.4.1, available at VMware By Broadcom Downloads.
If you cannot upgrade to VMware Cloud Director 10.4.1, please use the workaround specified in the Workaround section.
Workaround:
- Log in to the Cloud Director API as a System Administrator. For more information, see the Knowledge Base article here.
- Using the login credentials from step 1, execute the following request to view the list of Organizations in Cloud Director:
Request:
GET https://vcloud.example.com/api/org
Request Headers:
Accept: application/*+json;version=37.0
Authorization: Bearer {token}
- Step 2 will return a list of URLs giving the IDs for the System (Provider Organization) and Tenant Organizations.
- To regenerate the SAML certificate for a given Organization, use its ID retrieved above to construct the required URL for a regenerateFederationCertificate action:
https://vcloud.example.com/api/admin/org/{id}/settings/federation/action/regenerateFederationCertificate
For example, for a System Organization we may have retrieved the following in step 2 above:
https://vcloud.example.com/api/org/<ORG_UUID>
We would use the ID '<ORG_UUID>' to then construct the correct regenerateFederationCertificate URL:
https://vcloud.example.com/api/admin/org/<ORG_UUID>/settings/federation/action/regenerateFederationCertificate
- We would then send this request to regenerate the certificates for this Organization:
Request:
POST https://vcloud.example.com/api/admin/org/<ORG_UUID>/settings/federation/action/regenerateFederationCertificate
Request Headers:
Accept: application/*+json;version=37.0
Authorization: Bearer {token}
- The issue should be resolved.
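The URL construction in the steps above can be scripted. The following is an added example, not VMware's code: it builds the POST request for each organization href in a step 2 response without sending anything. The JSON layout (`org` list with `name` and `href`), the sample UUIDs and the function names are assumptions; the host, paths and headers are the ones shown in the article.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

ACCEPT = "application/*+json;version=37.0"  # header value used in the article
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
ACTION = "/settings/federation/action/regenerateFederationCertificate"


def regenerate_url(org_href, expected_host="vcloud.example.com"):
    """Turn an /api/org/{id} href from step 2 into the regenerate action URL."""
    parts = urlsplit(org_href)
    prefix, _, org_id = parts.path.rpartition("/")
    # Refuse anything that is not https://<expected_host>/api/org/<uuid>, so the
    # bearer token is never sent to a host or path taken blindly from a response.
    if (parts.scheme != "https" or parts.netloc != expected_host
            or prefix != "/api/org" or not UUID_RE.fullmatch(org_id)):
        raise ValueError(f"unexpected organization href: {org_href!r}")
    return f"https://{expected_host}/api/admin/org/{org_id}{ACTION}"


def build_requests(org_list_json, token, expected_host="vcloud.example.com"):
    """Return (name, unsent POST request) for every organization in the list."""
    refs = json.loads(org_list_json)["org"]  # assumed response layout
    out = []
    for ref in refs:
        req = urllib.request.Request(
            regenerate_url(ref["href"], expected_host),
            method="POST",
            headers={"Accept": ACCEPT, "Authorization": f"Bearer {token}"},
        )
        out.append((ref.get("name"), req))
    return out


# Constructed sample of a step 2 response; the UUIDs are made up.
SAMPLE_ORG_LIST = json.dumps({"org": [
    {"name": "System",
     "href": "https://vcloud.example.com/api/org/11111111-2222-3333-4444-555555555555"},
    {"name": "tenant-a",
     "href": "https://vcloud.example.com/api/org/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"},
]})

if __name__ == "__main__":
    for name, req in build_requests(SAMPLE_ORG_LIST, "{token}"):
        print(name, req.get_method(), req.full_url)
        # urllib.request.urlopen(req) would send it; left out so this runs offline.
```

Review the printed list and send only the request for the Organization whose certificate needs regenerating.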