Symptoms:
Smart Card Authentication fails on vCenter with 'Unable to validate submitted credential'. The following error is logged in the '/var/log/vmware/sso/websso.log'.
[2018-09-24T22:08:06.712Z tomcat-http--2 557c7e14-####-####-####-########04c ERROR com.vmware.identity.BaseSsoController] Sending error to browser. ERROR: [401, Unable to validate the submitted credential.], message
vCenter 7.0 and vCenter 6.x do not support certificates that are missing a UPN entry in the Subject Alternative Name. The following error is logged in '/var/log/vmware/sso/websso.log'.
[2018-09-24T22:08:06.506Z tomcat-http--2 557c7e14-####-####-####-########04c ERROR com.vmware.identity.samlservice.impl.CasIdmAccessor] Caught exception.
com.vmware.identity.idm.IdmClientCertificateParsingException: No UPN entry in Subject Alternative Names extension