SAML Authentication Redirect Issue in VMware Cloud Director

Article ID: 377524


Products

VMware Cloud Director

Issue/Introduction

  • With SAML authentication enabled in VMware Cloud Director (VCD), users are consistently redirected to the external URL after a successful SAML login, regardless of whether they initially accessed VCD via an internal or external URL.

Environment

VMware Cloud Director

Cause

  • This discrepancy occurs because the SAML request from Cloud Director includes only a single AssertionConsumerService (ACS) URL, which defaults to the external URL.
  • Cloud Director sends only one ACS URL (index 0) in the SAML request, configured to be the external URL.
  • This configuration does not support multiple ACS URLs, resulting in the redirection issue.
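
To confirm this behavior in your own environment, the following added example (not VMware's code) decodes the SAMLRequest from the redirect to the identity provider and reports which ACS it names. It assumes the request uses the HTTP-Redirect binding; the hostnames, IdP URL and ACS path are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_redirect_request(saml_request_b64):
    """Decode a SAMLRequest from the HTTP-Redirect binding: base64, then raw DEFLATE."""
    raw = base64.b64decode(saml_request_b64)
    # wbits=-15 selects raw DEFLATE; max_length caps output against decompression bombs.
    xml = zlib.decompressobj(-15).decompress(raw, 65536)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DOCTYPE not allowed in a SAML message")
    return ET.fromstring(xml)

def acs_report(redirect_url, accessed_host):
    """Report which ACS the AuthnRequest names and whether it is the host the user started on."""
    query = parse_qs(urlparse(redirect_url).query)
    root = decode_redirect_request(query["SAMLRequest"][0])
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    acs_url = root.get("AssertionConsumerServiceURL")
    acs_host = urlparse(acs_url).hostname if acs_url else None
    return {
        "acs_url": acs_url,
        "acs_index": root.get("AssertionConsumerServiceIndex"),
        "acs_host": acs_host,
        # None means the request names no URL, so the IdP resolves the ACS from SP metadata.
        "returns_to_accessed_host": (acs_host == accessed_host.lower()) if acs_host else None,
    }

def build_sample_redirect(acs_url):
    """Constructed sample: a minimal AuthnRequest encoded as an IdP redirect URL."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" Version="2.0" '
           f'IssueInstant="2024-01-01T00:00:00Z" AssertionConsumerServiceURL="{acs_url}"/>')
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    return "https://idp.example.test/sso?" + urlencode(
        {"SAMLRequest": base64.b64encode(deflated).decode()})

if __name__ == "__main__":
    # Constructed hostnames and ACS path; substitute a redirect URL captured from your own login.
    url = build_sample_redirect("https://vcd.example.com/constructed/acs")
    for host in ("vcd.example.com", "vcd-internal.example.test"):
        print(host, "->", acs_report(url, host))
```

A result of `returns_to_accessed_host: False` for a login started on the internal hostname matches the redirection described in this article.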

Resolution

This resolution is based on the understanding that Cloud Director supports a single public ACS URL, which is reflected in the observed behavior.

To address this issue, the following steps are recommended:

  1. Configure Cloud Director with a Single Public Address: Ensure that the public address configured in Cloud Director aligns with the primary access method (external URL) used by the majority of users. 

  2. Utilize Internal Access for Troubleshooting: Use internal URLs only for specific internal access or troubleshooting scenarios, as direct access via internal URLs is not recommended for general use.

Additional Information

Consult the Cloud Director documentation for best practices on configuring SAML authentication and managing public addresses:

Configure VMware Cloud Director Public Addresses

Configure Your VMware Cloud Director System to Use a SAML Identity Provider