VMware Aria Automation Orchestrator 8.x integrated with vCenter SSO will logoff immediately after providing the credentials.

Article ID: 376035

Updated On:

Products

VMware Aria Suite

Issue/Introduction

  • VMware Aria Automation Orchestrator 8.x integrated with vCenter SSO logs the user off immediately after the credentials are entered and displays a page similar to the one below.

 

Environment

VMware Aria Automation Orchestrator 8.x integrated with vCenter SSO as the identity provider.

Cause

  • A clock difference between the vCenter and the VMware Aria Automation Orchestrator causes the authorization failure.
  • Debugging from the browser shows an HTTP 401 (Unauthorized) error code.
  • The vCenter SSO logs confirm that the authentication is successful. However, the VMware Aria Automation Orchestrator page does not load.
  • services-logs/prelude/vco-app/file-logs/vco-server-app.log contains the entries below.

 

INFO vco [host='vco-app-7d69bfd64b-lzbtk' thread='http-nio-8280-exec-1' user='-' org='-' trace='-'] {} com.vmware.identity.websso.client.Message - Incoming or outgoing SAML message.
Message Type:AUTHN_RESPONSE
Message source:https://vcenter.vsphere.local/websso/SAML2/Metadata/vSphere.local
Message destination:https://vRO.vsphere.local/vco/org/vSphere.local/saml/websso/sso
Message validation result (for incoming messages):urn:oasis:names:tc:SAML:2.0:status:Success

INFO vco [host='vco-app-7d69bfd64b-lzbtk' thread='http-nio-8280-exec-1' user='-' org='-' trace='-'] {} com.vmware.identity.token.impl.SamlTokenImpl - SAML token for SubjectNameId [[email protected], format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
INFO vco [host='vco-app-7d69bfd64b-lzbtk' thread='http-nio-8280-exec-1' user='-' org='-' trace='-'] {} com.vmware.identity.token.impl.SamlTokenImpl -  Token expiration date: Sat Jun 22 04:15:24 GMT 2024 is in the past.
ERROR vco [host='vco-app-7d69bfd64b-lzbtk' thread='http-nio-8280-exec-1' user='-' org='-' trace='-'] {} com.vmware.o11n.web.SamlLogonProcessor - An exception occurred while processing authentication success callback from SSO. Create logoutToken for '[email protected]'
ERROR vco [host='vco-app-7d69bfd64b-lzbtk' thread='http-nio-8280-exec-1' user='-' org='-' trace='-'] {} com.vmware.identity.websso.client.endpoint.SsoResponseListener - Authentication Exception:
com.vmware.vcac.authentication.http.SamlAuthenticationException: Token expiration date: Sat Jun 22 04:15:24 GMT 2024 is in the past.
        at com.vmware.o11n.authentication.http.SamlTokenExtractor.extractSamlToken(SamlTokenExtractor.java:76) ~[o11n-cafe-sdk-sso-8.18.0.jar:?]
        at com.vmware.o11n.web.SamlLogonProcessor.authenticationSuccess(SamlLogonProcessor.java:118) ~[o11n-security-sso-provider-8.18.0.jar:?]
        at com.vmware.identity.websso.client.endpoint.SsoResponseListener.authenticationSuccess(SsoResponseListener.java:165) ~[websso-1.0.0.jar:?]
        at com.vmware.identity.websso.client.endpoint.SsoResponseListener.consumeResponse(SsoResponseListener.java:127) [websso-1.0.0.jar:?]
        at com.vmware.identity.websso.client.endpoint.SsoResponseListener.consumeResponse(SsoResponseListener.java:89) [websso-1.0.0.jar:?]
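
Added example (not part of the original article and not VMware tooling): a Python script that scans vco-server-app.log lines for the "Token expiration date ... is in the past" message and reports how far the Orchestrator clock was past each token's expiry. It assumes every log entry starts with an ISO-8601 UTC timestamp, which the excerpt above does not show; the function names and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Message text as logged on this page; the date is in Java Date.toString() format.
EXPIRED = re.compile(
    r"Token expiration date: (\w{3} \w{3} \d{1,2} \d\d:\d\d:\d\d) GMT (\d{4}) is in the past")
# Assumption: every entry starts with an ISO-8601 UTC timestamp (absent from the excerpt).
STAMP = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?Z ")

def _utc(text, fmt):
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def expired_token_events(lines):
    """Return (logged_at, token_expiry, seconds_past_expiry) for each rejected token."""
    events = []
    for line in lines:
        stamp, hit = STAMP.match(line), EXPIRED.search(line)
        if not (stamp and hit):
            continue  # unrelated entries and un-timestamped exception lines
        logged = _utc(stamp.group(1), "%Y-%m-%dT%H:%M:%S")
        expiry = _utc(f"{hit.group(1)} {hit.group(2)}", "%a %b %d %H:%M:%S %Y")
        events.append((logged, expiry, int((logged - expiry).total_seconds())))
    return events

def min_clock_lead_seconds(lines):
    """Smallest gap between Orchestrator's clock and a rejected token's expiry, or None.

    A token posted straight after vCenter issued it still had its whole lifetime
    left, so Orchestrator's clock leads vCenter's by at least this many seconds.
    """
    gaps = [gap for _, _, gap in expired_token_events(lines)]
    return min(gaps) if gaps else None

# Constructed sample: messages from the page with an assumed timestamp prefix added.
SAMPLE = [
    "2024-06-22T04:21:09.512Z INFO vco [thread='http-nio-8280-exec-1'] {} "
    "com.vmware.identity.token.impl.SamlTokenImpl -  Token expiration date: "
    "Sat Jun 22 04:15:24 GMT 2024 is in the past.",
    "com.vmware.vcac.authentication.http.SamlAuthenticationException: "
    "Token expiration date: Sat Jun 22 04:15:24 GMT 2024 is in the past.",
    "2024-06-22T04:25:40.101Z INFO vco [thread='http-nio-8280-exec-3'] {} "
    "com.vmware.identity.token.impl.SamlTokenImpl -  Token expiration date: "
    "Sat Jun 22 04:19:50 GMT 2024 is in the past.",
]

if __name__ == "__main__":
    for logged, expiry, gap in expired_token_events(SAMPLE):
        print(f"{logged:%H:%M:%S} token expired {expiry:%H:%M:%S}, {gap}s earlier")
    print("Orchestrator clock leads vCenter by at least", min_clock_lead_seconds(SAMPLE), "s")
```

A gap of several minutes on a login that was completed immediately points to clock drift rather than a stale browser session.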

 

Resolution

  • Configure both appliances, vCenter and VMware Aria Automation Orchestrator, to use the same NTP server so that their time is in sync.
  • Steps: 
    1. Log in to the VAMI of the vCenter as root: https://vCenter_IP:5480
    2. Select Time.
    3. Navigate to Time Synchronization.
    4. Click Edit.
    5. Under Mode, select NTP.
    6. Make a note of the NTP servers.
    7. Log in to the VMware Aria Automation Orchestrator as root and set the NTP servers to the ones noted from the vCenter VAMI in step 6.
      • vracli ntp systemd --set 'ntp_address_1', 'ntp_address_2'  

'ntp_address_1', 'ntp_address_2' are the NTP server names. 

      • To confirm the status of the NTP server configuration, run the command: vracli ntp status
  • If this does not resolve the issue, remove the authentication provider from the VMware Aria Automation Orchestrator Control Center and register it again.

Additional Information