Login to vCenter with VCF SSO and MS ADFS Configured fails with "Access denied. Unable to authenticate the user"


Article ID: 405315


Products

VMware SDDC Manager

Issue/Introduction

Logging in to vCenter with VCF SSO selected as the login method fails with an access denied error such as the following: "Access denied. Unable to authenticate the user"

Environment

VMware vCenter Server 9.x

VMware VCF Operations 9.x 

Resolution

1. On the MS ADFS side, add a claim rule of type "transform an incoming claim":

 For the incoming claim type, select the same attribute that was chosen during user sync as the unique attribute mapped to username (userPrincipalName).


2. In VCF Operations, under Fleet Management > Identity and Access, edit the SAML context of the Identity Source and set it to: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
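
After both changes, a SAMLResponse captured from a test login can be checked to confirm that ADFS issues the expected authentication context and a UPN-style username. The following is an added example, not part of the original article or VMware tooling; the function names, the sample assertion, and the assumption that the username arrives in NameID or an attribute value are all hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_CTX = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"


def check_saml_response(b64_response, expected_ctx=EXPECTED_CTX):
    """Return a list of findings for a base64 SAMLResponse (HTTP-POST binding).

    Diagnostic only: the signature is not validated, and an encrypted
    assertion will simply show up as missing elements.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    ctx = root.find(".//saml:AuthnContextClassRef", NS)
    issued = (ctx.text or "").strip() if ctx is not None else None
    if issued != expected_ctx:
        findings.append(f"AuthnContextClassRef is {issued!r}, expected {expected_ctx!r}")
    # Collect every value that could carry the username (assumption: NameID or attributes).
    values = [e.text.strip() for e in root.iterfind(".//saml:NameID", NS) if e.text]
    values += [e.text.strip() for e in root.iterfind(".//saml:AttributeValue", NS) if e.text]
    if not any("@" in v for v in values):  # a UPN has the form user@domain
        findings.append("no UPN-style (user@domain) value in NameID or attributes")
    return findings


def build_sample(ctx, name_id):
    """Build a constructed, unsigned SAMLResponse for demonstration."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{ctx}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Constructed inputs: one matching the article's settings, one that does not.
    good = build_sample(EXPECTED_CTX, "alice@corp.example")
    bad = build_sample("urn:federation:authentication:windows", "CORP\\alice")
    for label, resp in (("good", good), ("bad", bad)):
        print(label, check_saml_response(resp) or "OK")
```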

Additional Information