PingFederate Integration with vCenter Fails with Error "Invalid Client Credentials".


Article ID: 379028


Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Error: Users get Access Denied when trying to log in to vCenter Server (VC) with PingFederate.

 

Errors in logs:

/var/log/vmware/vc-ws1a-broker/federation-service.log :


[YYYY-MM-DDTHH:MM:SS] WARN sc2-10-212-27-106.XXXX.XX.vmware.com:federation
(federation-business-pool-0) [CUSTOMER ;-; 10.xx.xx.xx.;c206753f-625f-4bbf-b0e4-XXXXXXX ;-; aa662cle-XXX-4f75-XXXX-XXXXXXXX]

com.vmware.vidm.federation.authenticator.oidc.OidcAuthenticator - Exception occurred while retrieving oidc tokens

com.vmware.vidm.federation.authenticator.oidc.OidcAuthenticationException: Unable to get ID token and access token

Caused by: io.vertx.core.impl.NoStackTraceThrowable: invalid_client: Invalid client or client credentials.
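Before rotating the secret, it helps to confirm that the failed logins really carry this invalid_client cause and not another OIDC failure. The script below is an added example, not VMware tooling: the function names and sample log lines are constructed, and it assumes each log event starts with an ISO-style timestamp (bracketed as shown above, or bare).

```shell
#!/usr/bin/env bash
# Added example (not VMware tooling): classify OIDC token-retrieval failures
# in federation-service.log by the cause named on the first "Caused by:" line.

# Print "<timestamp> <cause>" for each OidcAuthenticator token failure.
oidc_failures() {
  awk '
    # A new event starts with a timestamp (bracketed, as on this page, or bare).
    /^\[?[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T/ {
      ts = $1; gsub(/^\[|\]$/, "", ts); in_fail = 0
    }
    /OidcAuthenticator - Exception occurred while retrieving oidc tokens/ { in_fail = 1 }
    in_fail && /^Caused by: / {
      split($0, p, ": ")   # p[2] = exception class, p[3] = error code or message
      print ts, p[3]
      in_fail = 0
    }
  ' "$1"
}

# Count only the failures whose cause is the OAuth error invalid_client.
invalid_client_count() {
  oidc_failures "$1" | awk '$2 == "invalid_client" { n++ } END { print n + 0 }'
}

# Constructed sample log: two invalid_client events and one unrelated failure.
write_sample_log() {
  cat > "$1" <<'EOF'
[2024-01-01T10:00:00] WARN vc01.example.test:federation (federation-business-pool-0) [CUSTOMER;-;10.0.0.5;-;-] com.vmware.vidm.federation.authenticator.oidc.OidcAuthenticator - Exception occurred while retrieving oidc tokens
com.vmware.vidm.federation.authenticator.oidc.OidcAuthenticationException: Unable to get ID token and access token
Caused by: io.vertx.core.impl.NoStackTraceThrowable: invalid_client: Invalid client or client credentials.
[2024-01-01T10:05:00] INFO vc01.example.test:federation (federation-business-pool-1) constructed unrelated message
[2024-01-01T10:07:30] WARN vc01.example.test:federation (federation-business-pool-0) [CUSTOMER;-;10.0.0.6;-;-] com.vmware.vidm.federation.authenticator.oidc.OidcAuthenticator - Exception occurred while retrieving oidc tokens
com.vmware.vidm.federation.authenticator.oidc.OidcAuthenticationException: Unable to get ID token and access token
Caused by: java.net.UnknownHostException: ping.example.test
[2024-01-01T10:09:00] WARN vc01.example.test:federation (federation-business-pool-2) [CUSTOMER;-;10.0.0.7;-;-] com.vmware.vidm.federation.authenticator.oidc.OidcAuthenticator - Exception occurred while retrieving oidc tokens
com.vmware.vidm.federation.authenticator.oidc.OidcAuthenticationException: Unable to get ID token and access token
Caused by: io.vertx.core.impl.NoStackTraceThrowable: invalid_client: Invalid client or client credentials.
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
oidc_failures "$sample"
echo "invalid_client failures: $(invalid_client_count "$sample")"
rm -f "$sample"
```

On the appliance, pass /var/log/vmware/vc-ws1a-broker/federation-service.log to `oidc_failures` instead of the sample file; a non-zero `invalid_client_count` points to the credential mismatch described under Cause.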

Environment

vCenter 8.0 U3

Cause

The Ping app client credentials must be correct in the vCenter Server (VC) IDP configuration. If they go out of sync, login fails with the Access Denied error.

Resolution

1. Edit the IDP configuration from the vCenter Server UI and enter the correct client credentials.
2. If the client secret is not stored, log in to the Ping Admin UI.
3. Generate a new client secret for the Ping App and update it in the vCenter Server IDP configuration.

Additional Information

NA