"Unable to login. Reason:Unauthorized".
The web.log file in /common/logs/admin shows the following errors:
<timestamps> UTC [https-jsse-nio-8443-exec-8, , , TxId: ] INFO c.v.i.t.i.X509TrustChainKeySelector- Failed to find trusted path to signing certificate <CN=ssoserverSign>
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
<timestamps> UTC [https-jsse-nio-8443-exec-8, , , TxId: ] ERROR c.v.i.token.impl.SamlTokenImpl- Signature validation failed
javax.xml.crypto.dsig.XMLSignatureException: the keyselector did not find a validation key
<timestamps> UTC [https-jsse-nio-8443-exec-8, , , TxId: ] ERROR c.v.v.h.a.AccessTokenRestController- Signature validation failed
com.vmware.vim.sso.client.exception.MalformedTokenException: Signature validation failed
<timestamps> UTC [https-jsse-nio-8443-exec-8, , , TxId: ] INFO c.v.v.h.a.HybridityAuthenticationEntryPoint- AuthenticationEntryPoint - unauthorized request for URI /hybridity/api/sessions
<timestamps> UTC [https-jsse-nio-8443-exec-8, , , TxId: ] ERROR c.v.v.h.a.HybridityAuthenticationEntryPoint- AuthenticationEntryPoint - got AuthenticationException
org.springframework.security.authentication.BadCredentialsException: Signature validation failed
VMware HCX
vCenter Server
This issue arises from a mismatch between the STS certificate stored in the HCX database and the one currently used by vCenter SSO.
Configuration >> SSO >> EDIT >> Validate that the SSO Provider URL is correct and click "SAVE".
[Collect Core HCX Logs + Collect Database Dump] and upload to SR.
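To tell this STS trust failure apart from an ordinary rejected login when reading web.log, the following added example (not VMware's code) correlates the trust-chain failure, the SAML signature error and the unauthorized request on the same thread. The timestamps and the last sample line are constructed, and the function and field names are hypothetical.

```python
import re

# Line layout taken from the web.log excerpt above; the timestamp format is not
# shown on the page, so everything before " UTC [" is accepted as-is.
LINE = re.compile(r"^(?P<ts>.*?) UTC \[(?P<thread>[^,\]]+),[^\]]*\] "
                  r"(?P<level>[A-Z]+) (?P<logger>[\w.$]+)- (?P<msg>.*)$")
TRUST_FAIL = re.compile(r"Failed to find trusted path to signing certificate <(?P<subject>[^>]*)>")
UNAUTHORIZED = re.compile(r"unauthorized request for URI (?P<uri>\S+)")


def find_sts_trust_failures(lines):
    """Return one finding per rejected request that was preceded, on the same
    thread, by a trust-chain failure and a SAML signature validation error."""
    pending = {}   # thread -> state of the request currently being handled
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # exception lines carry no timestamp/thread prefix
        thread, logger, msg = m["thread"], m["logger"], m["msg"]
        if logger.endswith("X509TrustChainKeySelector") and (t := TRUST_FAIL.search(msg)):
            pending[thread] = {"subject": t["subject"], "sig_failed": False}
        elif logger.endswith("SamlTokenImpl") and "Signature validation failed" in msg:
            if thread in pending:
                pending[thread]["sig_failed"] = True
        elif logger.endswith("HybridityAuthenticationEntryPoint") and (u := UNAUTHORIZED.search(msg)):
            state = pending.pop(thread, None)
            # A 401 with no preceding trust failure is not this issue.
            if state and state["sig_failed"]:
                findings.append({"thread": thread, "uri": u["uri"],
                                 "rejected_at": m["ts"], "signing_cert": state["subject"]})
    return findings


# Constructed sample: same messages as the excerpt, with made-up timestamps,
# plus one unrelated unauthorized request on another thread.
SAMPLE = """\
2024-01-01 10:00:00.001 UTC [https-jsse-nio-8443-exec-8, , , TxId: ] INFO c.v.i.t.i.X509TrustChainKeySelector- Failed to find trusted path to signing certificate <CN=ssoserverSign>
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2024-01-01 10:00:00.002 UTC [https-jsse-nio-8443-exec-8, , , TxId: ] ERROR c.v.i.token.impl.SamlTokenImpl- Signature validation failed
2024-01-01 10:00:00.003 UTC [https-jsse-nio-8443-exec-8, , , TxId: ] INFO c.v.v.h.a.HybridityAuthenticationEntryPoint- AuthenticationEntryPoint - unauthorized request for URI /hybridity/api/sessions
2024-01-01 10:00:05.000 UTC [https-jsse-nio-8443-exec-3, , , TxId: ] INFO c.v.v.h.a.HybridityAuthenticationEntryPoint- AuthenticationEntryPoint - unauthorized request for URI /hybridity/api/sessions
""".splitlines()

if __name__ == "__main__":
    for finding in find_sts_trust_failures(SAMPLE):
        print(finding)
```

A finding whose signing_cert is CN=ssoserverSign corresponds to the certificate mismatch described above; unauthorized requests that produce no finding have a different cause.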