Error "Your Single Sign-On attempt failed" When attempting to login to VMware Cloud Director using an Identity Provider (IDP)
search cancel

Error "Your Single Sign-On attempt failed" When attempting to login to VMware Cloud Director using an Identity Provider (IDP)

book

Article ID: 388118

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • When attempting to login to VMware vCloud Director using IDP authentication it fails with the error "Your Single Sign-On attempt failed"


  • In the /opt/vmware/vcloud-director/logs/vcloud-container-debug.log you see entries similar to:

    2025-02-04 08:26:57,515 | DEBUG    | pool-jetty-25             | OIDCServiceImpl                | Failed to retrieve OIDC user information | requestId=########-####-####-####-############,request=
    GET https://<vcloud-drector-url>/login/oauth,requestTime=1738654017332,remoteAddress=###.###.###.###:#####,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/201...,accept=text/html application/xhtml+xml application/xml;q 0.9 */*;q 0.8
    org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from 'https://<IDP-URL>.example.com/api/oidc/userinfo': response contains invalid content type 'application/jwt;charset=utf-8'. The UserInfo Response should return a JSON object (content type 'application/json') that contains a collection of name and value pairs of the claims about the authenticated End-User. Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '########-####-####-####-############' conforms to the UserInfo Endpoint, as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'
            at org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService.getResponse(DefaultOAuth2UserService.java:151)
            at org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService.loadUser(DefaultOAuth2UserService.java:110)
            at com.vmware.ssdc.backendbase.oauth.OIDCServiceImpl.getUserInfo(OIDCServiceImpl.java:157)
            at com.vmware.ssdc.backendbase.oauth.OIDCServiceImpl.retrieveOIDCUserInfo(OIDCServiceImpl.java:231)
            at com.vmware.ssdc.backendbase.oauth.OIDCServiceImpl.retrieveUserInformation(OIDCServiceImpl.java:145)
            at com.vmware.ssdc.backendbase.CSecurityManager.loginWithOIDC(CSecurityManager.java:638)
            at com.vmware.vcloud.ui.h5auth.OAuthAuthenticationSuccessHandler.handle(OAuthAuthenticationSuccessHandler.java:77)
            at org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler.onAuthenticationSuccess(SimpleUrlAuthenticationSuccessHandler.java:62)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:333)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:241)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
            at com.vmware.vcloud.ui.h5auth.filters.OAuthFilter.doFilter(OAuthFilter.java:87)
            at com.vmware.vcloud.ui.h5auth.filters.NestedFilterChain.doFilter(NestedFilterChain.java:46)
            at com.vmware.vcloud.ui.h5auth.filters.UnfirewalledFilterChainProxy.doFilter(UnfirewalledFilterChainProxy.java:62)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
            at com.vmware.vcloud.ui.h5auth.filters.OAuthRedirectInterceptorFilter.doFilterInternal(OAuthRedirectInterceptorFilter.java:51)
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)


Environment

VMware Cloud Director 10.x

Cause

This issue is caused due to the IDP provider not sending the UserInfo in a JSON format.

Resolution

To resolve this issue please contact your Identity Provider to ensure that the UserInfo being sent to VMware Cloud Director is in JSON format.

Powered by Wolken Software