Following the application of Security Technical Implementation Guides (STIGs) to the vCenter Server, users are experiencing login issues when accessing the vSphere web UI.
Here's a breakdown of the issue:
Important observations:
VMware vCenter Server 7.0.x
To ensure proper SSO configuration in vCenter, follow these steps:
1. Verify SSO Configuration:
/opt/vmware/bin/sso-config.sh -get_authn_policy -t vsphere.local
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-2.21.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/opt/vmware/lib64/log4j-slf4j-impl-2.21.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
Authentication policy on tenant : 'vsphere.local' :
IsPasswordAuthEnabled: true
IsWindowsAuthEnabled: true
IsTLSClientCertAuthnEnabled: false
IsSecurIDAuthnEnabled: false
revocationCheckEnabled: true
useOCSP: false
2. Correcting SSO Configuration (if necessary):
/opt/vmware/bin/sso-config.sh -set_authn_policy -pwdAuthn true -winAuthn true -certAuthn false -securIDAuthn false -t vsphere.local
3. Restart vCenter Services:
service-control --stop --all && service-control --start --all
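The check in step 1 can be scripted so that a drifted policy is caught without reading the output by eye. The following is an added example, not part of the original article and not VMware code: check_authn_policy is a hypothetical helper, the field names come from the output shown in step 1, the expected values are the ones the step 2 command sets, and the sample input is constructed.

```sh
#!/bin/sh
# Added example, not VMware code. check_authn_policy is a hypothetical helper.
# Field names and expected values come from the output and the step 2 command
# shown on this page.

# Reads -get_authn_policy output on stdin, prints one line per deviation,
# returns 0 only when all four authenticator flags match.
check_authn_policy() {
    awk '
        BEGIN {
            bad = 0
            want["IsPasswordAuthEnabled"] = "true"
            want["IsWindowsAuthEnabled"] = "true"
            want["IsTLSClientCertAuthnEnabled"] = "false"
            want["IsSecurIDAuthnEnabled"] = "false"
        }
        /^SLF4J:/ { next }    # logger binding noise, not policy data
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = index(line, ":")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t\r]/, "", val)
            if (!(key in want)) next
            seen[key] = 1
            if (val != want[key]) {
                printf "MISMATCH %s=%s (expected %s)\n", key, val, want[key]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample: password authentication switched off.
SAMPLE_POLICY="SLF4J: Class path contains multiple SLF4J bindings.
Authentication policy on tenant : 'vsphere.local' :
IsPasswordAuthEnabled: false
IsWindowsAuthEnabled: true
IsTLSClientCertAuthnEnabled: false
IsSecurIDAuthnEnabled: false"

printf '%s\n' "$SAMPLE_POLICY" | check_authn_policy || echo "policy differs from step 2 values"

# On the appliance (2>&1 so SLF4J lines are filtered wherever they are written):
# /opt/vmware/bin/sso-config.sh -get_authn_policy -t vsphere.local 2>&1 | check_authn_policy
```

A MISSING line means the flag never appeared in the output at all, which is worth treating as a failure of the check itself before running the step 2 command.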