Symptoms:

• Unable to login with Smart Card Authentication to vCenter 6.7
• Fails with "Unable to validate submitted credential, Username and Password are required".

• User Active Directory sAMAccountName is not equal to UserPrincipalName
• vCenter Server is configured to use an AD over LDAP Single Sign-On Domain Identity Source

This issue is resolved in VMware vCenter 6.7 U3g.

Workaround:

• Update the user’s Active Directory account so that sAMAccountName and UserPrincipalName match the Smart Card certificate Subject Alternative Name: Principal Name

Or

• Reissue the Smart Card certificate so that Subject Alternative Name: Principal Name matches the Active Directory sAMAccountName and UserPrincipalName

Or

• Reconfigure the vSphere Single Sign-On Windows Domain Identity Source to use Integrated Windows Authentication instead of AD over LDAP. For more information see, "Shown as Active Directory (Integrated Windows Authentication) in the vSphere Client. vCenter Single Sign-On allows you to specify a single Active Directory domain as an identity source." https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/6-7/platform-services-controller-administration-6-7.html 

Or

• Install the vSphere Client Browser Enhanced Authentication Plugin and use Windows SSPI to log in with Smart Card Credentials. Client must be on the same domain or trust the domain where vCenter is joined.
  • Navigate to C:\Program Files (x86)\VMware\Enhanced Authentication Plug-in 6.7
  • Merge WindowsAuthKey_x64.reg
  • Open Registry Editor, navigate to 
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\CIP]
  • and change value to 
    "UseSmartCardPrompt"=dword:00000001