Failed to create/update embedded identity source in SDDC Manager

Article ID: 386774


Updated On: 02-19-2025

Products

VMware SDDC Manager

Issue/Introduction

When trying to add or update an identity provider through SDDC Manager, an error is thrown, citing problems with BER/DER data.

The error message reads: Failed to create/update embedded identity source. java.io.IOException: Invalid BER/DER data (too huge?), Invalid BER/DER data (too huge?)

Environment

VCF 5.x

SDDC Manager 5.2.x

Cause

Adding an LDAPs provider requires a certificate to verify the authenticity of the LDAPs domain controller. If the certificate file is corrupt or contains invalid content (e.g. blank space characters), the certificate data is treated as invalid. As a result, the LDAPs domain controller fails to authenticate with VCF and the identity provider cannot be added.

Resolution

Generate a new certificate file to use for the LDAPs domain controller. Present this new certificate file to SDDC Manager when adding the Identity Provider.
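A pre-upload structural check for the certificate file, as an added example that is not part of the original article or of any VMware tooling. The function names and the sample data are constructed for illustration; the check covers PEM armor, stray whitespace, base64 validity and the outer DER length only, and does not confirm that the file is the correct certificate for the domain controller.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_outer_length(der):
    """Total encoded size claimed by the top-level DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("data does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_pem_certificate(text):
    """Return a list of problems; an empty list means structurally sound."""
    problems = []
    lines = text.splitlines()             # tolerates LF and CRLF endings
    for i, line in enumerate(lines, 1):
        if line == "":
            problems.append(f"line {i}: blank line")
        elif line != line.strip():
            problems.append(f"line {i}: leading/trailing whitespace")
    kept = [l.strip() for l in lines if l.strip()]
    if len(kept) < 3 or kept[0] != BEGIN or kept[-1] != END:
        return problems + ["missing BEGIN/END CERTIFICATE armor"]
    try:
        der = base64.b64decode("".join(kept[1:-1]), validate=True)
        claimed = der_outer_length(der)
    except (binascii.Error, ValueError) as exc:
        return problems + [f"body is not valid base64/DER: {exc}"]
    if claimed != len(der):
        problems.append(f"DER length says {claimed} bytes, got {len(der)}")
    return problems

def to_pem(der):
    """Wrap DER bytes in PEM armor with 64-character lines."""
    b64 = base64.b64encode(der).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN] + body + [END]) + "\n"

# Constructed sample: a bare 260-byte DER SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
GOOD = to_pem(SAMPLE_DER)
SPACED = GOOD.replace("\n", " \n", 2)     # trailing spaces on lines 1 and 2
TRUNCATED = to_pem(SAMPLE_DER[:-10])      # body cut short, header unchanged
```

To check a real file, pass its contents to `lint_pem_certificate` and resolve every reported problem before uploading it.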

To add the identity provider with the new certificate:

  1. In the navigation pane, click Single Sign On under the Administration line.
  2. Click Identity Provider.
  3. Click Add and select AD over LDAP or OpenLDAP.
  4. Click Next.
  5. Enter the server settings. Be sure to select and upload the LDAPs domain controller certificate by clicking the BROWSE button. Click Next.
  6. Review the information and click Submit.