When trying to access an Org in vCloud Director with SAML authentication, you get this message:
HTTP ERROR 500
Problem accessing /cloud/org/orgname/saml/login/alias/vcd. Reason: Server Error
Caused by: javax.servlet.ServletException: org.opensaml.ws.message.encoder.MessageEncodingException: Error creating output document
In the vcloud-container-debug.log file, you see entries similar to:
* No default metadata configured
* ERROR | pool-jetty-80 | HTTPPostEncoder | Error invoking Velocity template | requestId=<REQUEST_UUID>,request=GET (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) li...,accept=text/html application/xhtml+xml image/jxr */*
  org.apache.velocity.exception.ResourceNotFoundException: Unable to find resource '/templates/saml2-post-binding.vm'
      at org.apache.velocity.runtime.resource.ResourceManagerImpl.loadResource(ResourceManagerImpl.java:483)
      at org.apache.velocity.runtime.resource.ResourceManagerImpl.getResource(ResourceManagerImpl.java:354)
      at org.apache.velocity.runtime.RuntimeInstance.getTemplate(RuntimeInstance.java:1400)
      at org.apache.velocity.app.VelocityEngine.mergeTemplate(VelocityEngine.java:370)
      at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.postEncode(HTTPPostEncoder.java:136)
      at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.doEncode(HTTPPostEncoder.java:112)
      at org.opensaml.ws.message.encoder.BaseMessageEncoder.encode(BaseMessageEncoder.java:52)
      at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:224)
      at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:192)
      at org.springframework.security.saml.websso.AbstractProfileBase.sendMessage(AbstractProfileBase.java:148)
      at org.springframework.security.saml.websso.WebSSOProfileImpl.sendAuthenticationRequest(WebSSOProfileImpl.java:105)
      at com.vmware.vcloud.backendbase.federation.impl.CustomSamlEntryPoint.initializeSSO(CustomSamlEntryPoint.java:93)
      at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:153)
      at org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
      at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:58)
      at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:62)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:132)
* ERROR | pool-jetty-68 | SLF4JLogChute | ResourceManager : unable to find resource '/templates/saml2-post-binding.vm' in any resource loader. | requestId=<REQUEST_UUID>,request=GET (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) lik...,accept=text/html application/xhtml+xml */*
* DEBUG | pool-jetty-68 | SAMLEntryPoint | Error initializing entry point | requestId=f1990691-5c73-4658-8ead-1c2efc27109c,request=GET (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) lik...,accept=text/html application/xhtml+xml */*
  org.opensaml.ws.message.encoder.MessageEncodingException: Error creating output document
      at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.postEncode(HTTPPostEncoder.java:140)
      at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.doEncode(HTTPPostEncoder.java:112)
      at org.opensaml.ws.message.encoder.BaseMessageEncoder.encode(BaseMessageEncoder.java:52)
      at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:224)
      at org.springframework.security.saml.processor.SAMLProcessorImpl.sendMessage(SAMLProcessorImpl.java:192)
      at org.springframework.security.saml.websso.AbstractProfileBase.sendMessage(AbstractProfileBase.java:148)
      at org.springframework.security.saml.websso.WebSSOProfileImpl.sendAuthenticationRequest(WebSSOProfileImpl.java:105)
      at com.vmware.vcloud.backendbase.federation.impl.CustomSamlEntryPoint.initializeSSO(CustomSamlEntryPoint.java:93)
      at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:153)
      at org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)
      at sun.reflect.GeneratedMethodAccessor588.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      [...]
      at java.lang.Thread.run(Thread.java:745)
  Caused by: org.apache.velocity.exception.ResourceNotFoundException: Unable to find resource '/templates/saml2-post-binding.vm'
      at org.apache.velocity.runtime.resource.ResourceManagerImpl.loadResource(ResourceManagerImpl.java:483)
      at org.apache.velocity.runtime.resource.ResourceManagerImpl.getResource(ResourceManagerImpl.java:354)
      at org.apache.velocity.runtime.RuntimeInstance.getTemplate(RuntimeInstance.java:1400)
      at org.apache.velocity.app.VelocityEngine.mergeTemplate(VelocityEngine.java:370)
      at org.opensaml.saml2.binding.encoding.HTTPPostEncoder.postEncode(HTTPPostEncoder.java:136)
      ... 131 more
To resolve the SAML authentication issues in vCloud Director 8.10 and 8.20, remove the SingleSignOnService HTTP-POST bindings from the SAML_metadata.xml file and let the HTTP-Redirect bindings handle the request.