Error "Your Single Sign-On attempt failed" When attempting to login to VMware Cloud Director using an Identity Provider (IDP)
search cancel

Error "Your Single Sign-On attempt failed" When attempting to login to VMware Cloud Director using an Identity Provider (IDP)

book

Article ID: 388118

calendar_today

Updated On: 02-20-2025

Products

VMware Cloud Director

Issue/Introduction

  • When attempting to login to VMware vCloud Director using IDP authentication it fails with the error "Your Single Sign-On attempt failed"


  • In the /opt/vmware/vcloud-director/logs/vcloud-container-debug.log you see entries similar to:

    2025-02-04 08:26:57,515 | DEBUG    | pool-jetty-25             | OIDCServiceImpl                | Failed to retrieve OIDC user information | requestId=########-####-####-####-############,request=
    GET https://<vcloud-drector-url>/login/oauth,requestTime=1738654017332,remoteAddress=###.###.###.###:#####,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/201...,accept=text/html application/xhtml+xml application/xml;q 0.9 */*;q 0.8
    org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource from 'https://<IDP-URL>.example.com/api/oidc/userinfo': response contains invalid content type 'application/jwt;charset=utf-8'. The UserInfo Response should return a JSON object (content type 'application/json') that contains a collection of name and value pairs of the claims about the authenticated End-User. Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '########-####-####-####-############' conforms to the UserInfo Endpoint, as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'
            at org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService.getResponse(DefaultOAuth2UserService.java:151)
            at org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService.loadUser(DefaultOAuth2UserService.java:110)
            at com.vmware.ssdc.backendbase.oauth.OIDCServiceImpl.getUserInfo(OIDCServiceImpl.java:157)
            at com.vmware.ssdc.backendbase.oauth.OIDCServiceImpl.retrieveOIDCUserInfo(OIDCServiceImpl.java:231)
            at com.vmware.ssdc.backendbase.oauth.OIDCServiceImpl.retrieveUserInformation(OIDCServiceImpl.java:145)
            at com.vmware.ssdc.backendbase.CSecurityManager.loginWithOIDC(CSecurityManager.java:638)
            at com.vmware.vcloud.ui.h5auth.OAuthAuthenticationSuccessHandler.handle(OAuthAuthenticationSuccessHandler.java:77)
            at org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler.onAuthenticationSuccess(SimpleUrlAuthenticationSuccessHandler.java:62)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:333)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:241)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
            at com.vmware.vcloud.ui.h5auth.filters.OAuthFilter.doFilter(OAuthFilter.java:87)
            at com.vmware.vcloud.ui.h5auth.filters.NestedFilterChain.doFilter(NestedFilterChain.java:46)
            at com.vmware.vcloud.ui.h5auth.filters.UnfirewalledFilterChainProxy.doFilter(UnfirewalledFilterChainProxy.java:62)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
            at com.vmware.vcloud.ui.h5auth.filters.OAuthRedirectInterceptorFilter.doFilterInternal(OAuthRedirectInterceptorFilter.java:51)
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)


Environment

VMware Cloud Director 10.x

Cause

This issue is caused due to the IDP provider not sending the UserInfo in a JSON format.

Resolution

To resolve this issue please contact your Identity Provider to ensure that the UserInfo being sent to VMware Cloud Director is in JSON format.