Unable to login to Cloud Director Provider Portal, the UI does not load
Article ID: 385516
Updated On:
Products
VMware Cloud Director
Issue/Introduction
While logging to Cloud Director Provider Portal, UI does not come up and blank screen is displayed
/opt/vmware/vcloud-director/logs/container-debug.log indicates :
2024-12-02 10:17:49,866 | DEBUG | pool-jetty-292128 | SAMLAuthenticationProvider | Error validating SAML message | requestId=xx.xxx.xxx.xx,request=POST /login/org/system/saml/SSO/alias/vcd,requestTime=1733134669809,remoteAddress=xx.xx.xx.xx,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/201...,accept=text/html application/xhtml+xml application/xml;q 0.9 */*;q 0.8org.opensaml.common.SAMLException: Response issue time is either too old or with date in the future, skew 60, time 2024-12-02T10:16:46.223Z at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:126) at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92)Environment
VMware Cloud Director 10.x
Cause
This issue occurs when the cell clock in Cloud Director is out of sync, causing a request-response time discrepancy. Since VMware Cloud Director (VCD) allows a maximum time difference of 60 seconds, any time difference exceeding this limit results in a login failure
Resolution
To resolve the issue, follow these steps:
1. Reconfigure NTP on all Cloud Director cells to ensure they are properly synchronized.
2. Restart the NTP service by running the following command:
systemctl restart systemd-timesyncd.service -l
3. Verify that the NTP service is running correctly by checking the status with:
timedatectl status
Feedback
Yes
No
Powered by
