1. When attempting to log in using Smart Card Authentication, the login fails with the error "Username and Password is Required".
2. On validating the content of /usr/lib/vmware-sso/vmware-sts/conf/clienttrustCA.pem file, the certificate chain is correct.
3. All the certificates inside clienttrustCA.pem have matching thumbprints, names, valid dates, and so on. The CA Names match the Smart Card User Certificate Chain too.
4. Port 3128 is open.
vCenter Server 8.0.x
After the vCenter Server upgrade to 8.0.x, the permissions on the clienttrustCA.pem file have changed. The file is now set to 640, whereas prior to the upgrade it was set to 644.
Below is how it looked before the upgrade:
root@VC [ ~ ]# ls -la /usr/lib/vmware-sso/vmware-sts/conf/clienttrustCA.pem
-rw-r--r-- 1 root root 3271 /usr/lib/vmware-sso/vmware-sts/conf/clienttrustCA.pem
Below is how it looks after the upgrade:
root@VC [ ~ ]# ls -la /usr/lib/vmware-sso/vmware-sts/conf/clienttrustCA.pem
-rw-r----- 1 root root 3271 /usr/lib/vmware-sso/vmware-sts/conf/clienttrustCA.pem
Correct the permissions manually on the clienttrustCA.pem file by following the steps below.
1. Log in to the vCenter Server via SSH.
2. Change from the appliance shell to the bash shell.
3. Execute the following command to correct the permissions on the clienttrustCA.pem file.
chmod 644 /usr/lib/vmware-sso/vmware-sts/conf/clienttrustCA.pem
4. Validate that the permission change is reflected correctly.
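Steps 3 and 4 as a script, added here as an example and not part of the original article: it reports the current mode of clienttrustCA.pem, runs chmod 644 only when the mode differs, and then re-checks. The function names and the TRUST_CA and EXPECTED_MODE variables are assumptions of this example; the path and the modes are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original article). Function and variable
# names are hypothetical; path and modes are taken from the article.
TRUST_CA="${TRUST_CA:-/usr/lib/vmware-sso/vmware-sts/conf/clienttrustCA.pem}"
EXPECTED_MODE=644   # mode shown in the article before the upgrade

# Print the octal permission bits of a file (GNU stat).
file_mode() {
    stat -c '%a' "$1"
}

# Step 4: report whether the file has the expected mode.
# Returns 0 = expected mode, 1 = different mode, 2 = file not found.
check_trust_ca() {
    if [ ! -f "$1" ]; then
        echo "MISSING  $1"
        return 2
    fi
    if [ "$(file_mode "$1")" = "$EXPECTED_MODE" ]; then
        echo "OK       $1 mode=$(file_mode "$1")"
        return 0
    fi
    echo "MISMATCH $1 mode=$(file_mode "$1") expected=$EXPECTED_MODE"
    return 1
}

# Step 3 followed by step 4: change the mode only when it differs,
# then confirm the result. A missing file is reported, never created.
fix_trust_ca() {
    check_trust_ca "$1" && return 0
    [ -f "$1" ] || return 2
    chmod "$EXPECTED_MODE" "$1" && check_trust_ca "$1"
}

# Usage on the appliance, from the bash shell as root:
#   check_trust_ca "$TRUST_CA"    # report only
#   fix_trust_ca   "$TRUST_CA"    # correct and verify
```

Running check_trust_ca again after a later patch or upgrade shows whether the mode has reverted to 640.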