AD-based vCenter users frequently encounter authentication errors when requesting the /appliance API endpoint, caused by an unhandled crypto error from the OpenSSL library.
Example endpoints affected:
This issue has been resolved in vCenter Server 8.x.
A similar error message can be found in the logs at: /var/log/vmware/applmgmt.
ERROR:vmware.appliance.vapi.auth:Could not parse HOK Token: Traceback (most recent call last):
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 000, in validate
    self.validate_certificate()
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 000, in validate_certificate
    self.add_x509_pem_header(c)) for c in certsFromToken]
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 000, in <listcomp>
    self.add_x509_pem_header(c)) for c in certsFromToken]
  File "/usr/lib/python3.7/site-packages/OpenSSL/crypto.py", line 000, in load_certificate
    _raise_current_error()
  File "/usr/lib/python3.7/site-packages/OpenSSL/_util.py", line 000, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: []
  File "/usr/lib/applmgmt/vapi/py/vmware/appliance/vapi/auth.py", line 000, in authenticate
    username = token.username
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 000, in username
    return self.get_name_id().value
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 000, in get_name_id
    '//saml2:Subject/saml2:NameID', self.reference)
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 000, in reference
    self.validate()
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 000, in validate
    reference = super(HolderOfKeyToken, self).validate()
  File "/usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py", line 000, in validate
    raise AuthenticationError('Unhandled exception')
vmware.appliance.extensions.authentication.authentication_sso.AuthenticationError: Unhandled exception
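To tell this failure apart from other HOK token parse errors when triaging the applmgmt logs, the traceback signature above can be matched per log record. This is an added example, not VMware code; the record-prefix pattern is an assumption about the log layout, and the sample lines are constructed.

```python
import re

# Marker strings taken from the log excerpt in this article.
START = "Could not parse HOK Token"
ROOT = "OpenSSL.crypto.Error"
FINAL = "AuthenticationError: Unhandled exception"

# Assumption: a new log record begins with "LEVEL:logger.name:", optionally
# preceded by one timestamp token; traceback continuation lines do not.
RECORD_RE = re.compile(r"^(?:\S+\s+)?(?:DEBUG|INFO|WARNING|ERROR|CRITICAL):[\w.]+:")


def find_hok_failures(lines):
    """Group each 'Could not parse HOK Token' record with its traceback lines
    and report whether it carries the OpenSSL signature shown in this article."""
    hits, current = [], None
    for lineno, line in enumerate(lines, 1):
        if RECORD_RE.match(line):
            # A new record closes the one being collected.
            if current:
                hits.append(current)
            current = None
            if START in line:
                current = {"line": lineno, "openssl_error": False, "unhandled": False}
        if current is not None:
            current["openssl_error"] |= ROOT in line
            current["unhandled"] |= FINAL in line
    if current:
        hits.append(current)
    return hits


# Constructed sample: one record matching this article, one unrelated record,
# and one HOK parse failure with a different (made-up) cause.
SAMPLE = """\
ERROR:vmware.appliance.vapi.auth:Could not parse HOK Token: Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/OpenSSL/_util.py", line 000, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: []
vmware.appliance.extensions.authentication.authentication_sso.AuthenticationError: Unhandled exception
INFO:vmware.appliance.vapi.auth:constructed unrelated record
ERROR:vmware.appliance.vapi.auth:Could not parse HOK Token: constructed failure with another cause
""".splitlines()

if __name__ == "__main__":
    for hit in find_hok_failures(SAMPLE):
        print(hit)
```

Only records with both `openssl_error` and `unhandled` set correspond to the issue described here; other HOK parse failures need separate investigation.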