Configuring ADFS Identity Provider on vCenter Server Fails with error "java.lang.NullPointerException"


Article ID: 322211


Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • Configuring the ADFS Identity Provider on vCenter Server fails with a "java.lang.NullPointerException" error message.
  • The Trust Management service log, /var/log/vmware/trustmanagement/trustmanagement-svcs.log, shows entries like the following:
<timestamp> [tomcat-exec-2 [] ERROR com.vmware.vcenter.trustmanagement.vapi.impl.VcIdentityProvidersProviderImpl  opId=###] Error creating VcIdentityProvider object: InvalidArgument (com.vmware.vapi.std.errors.invalid_argument) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
    id = com.vmware.vcenter.trustmanagement.invalidargument,
    defaultMessage = java.lang.NullPointerException,
    args = [java.lang.NullPointerException],
    params = <null>,
    localized = <null>
}],
    data = <null>,
    errorType = INVALID_ARGUMENT
}



Environment

VMware vCenter Server 8.0.x
VMware vCenter Server 7.0.x

Cause

This issue can occur if 'end_session_endpoint' is missing from the OpenID discovery metadata.

To verify this, open the ADFS openid-configuration URL https://<ADFS Server FQDN>/adfs/.well-known/openid-configuration and search for "end_session_endpoint".
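
The same check can be scripted. The Python below is an added example, not VMware or Microsoft code; the host adfs.example.test and the sample documents are constructed, and the empty-value and https checks are assumptions that go beyond the "missing" case the article describes.

```python
import json
import sys
import urllib.request
from urllib.parse import urlparse

DISCOVERY_PATH = "/adfs/.well-known/openid-configuration"  # path from the article

def fetch_discovery(adfs_fqdn, timeout=10):
    """Download the AD FS discovery document (TLS certificate is verified)."""
    url = "https://" + adfs_fqdn + DISCOVERY_PATH
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def check_end_session_endpoint(raw_json):
    """Return a list of problems; an empty list means the field looks usable."""
    try:
        doc = json.loads(raw_json)
    except ValueError as exc:
        return ["response is not valid JSON: %s" % exc]
    if not isinstance(doc, dict):
        return ["discovery document is not a JSON object"]
    value = doc.get("end_session_endpoint")
    if value is None:
        return ["end_session_endpoint is missing"]
    # Assumption: an empty or non-https value is treated as unusable too.
    if not isinstance(value, str) or not value.strip():
        return ["end_session_endpoint is present but empty"]
    parsed = urlparse(value)
    if parsed.scheme != "https" or not parsed.netloc:
        return ["end_session_endpoint is not an https URL: %r" % value]
    return []

# Constructed sample documents (adfs.example.test is a placeholder host).
SAMPLE_MISSING = json.dumps({
    "issuer": "https://adfs.example.test/adfs",
    "authorization_endpoint": "https://adfs.example.test/adfs/oauth2/authorize/",
})
SAMPLE_PRESENT = json.dumps({
    "issuer": "https://adfs.example.test/adfs",
    "end_session_endpoint": "https://adfs.example.test/adfs/oauth2/logout",
})

if __name__ == "__main__":
    # With an FQDN argument the live document is fetched; otherwise the sample is used.
    raw = fetch_discovery(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MISSING
    problems = check_end_session_endpoint(raw)
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

Run it with the ADFS server FQDN as the only argument; a non-zero exit status means the identity provider configuration on vCenter Server is likely to hit the error above.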

Resolution

To resolve the issue, apply Microsoft patch KB4038801 on the ADFS server. For more information, refer to the Microsoft documentation "Single log-out for OpenID Connect with AD FS".

Patch Download URL:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4038801