Error: "VCF Identity Broker encountered an issue during authentication" when trying to login with SSO to the management domain vCenter

Article ID: 423152

Products

VCF Operations

Issue/Introduction

When attempting to log in to the Management Domain vCenter using Single Sign-On (SSO), the following error is displayed in the user interface (UI):

VCF Identity Broker encountered an issue during authentication.

Message: Invalid access policy.

This behavior occurs even after manually updating the Identity Provider (IDP) configuration.

Environment

VCF Operations 9.0.x

Cause

A manual update to the IDP configuration for the vCenter Server does not automatically trigger a refresh of the authentication policy within the VCF Identity Broker. The Identity Broker retains the previous invalid access policy until the vCenter Server is reregistered within the Management Domain.

Resolution

To resolve this issue, perform a reregistration of the Management Domain vCenter Server to apply the new IDP configuration:

  1. Log in to the VCF Operations UI.
  2. Navigate to Fleet Management > Identity & Access > VCF Instances.
  3. Select the Management Domain.
  4. Click on "Deregister Component".
  5. Once the Management Domain is deregistered, follow the steps to reconfigure VCF SSO for the Management Domain.
  6. Verify that the SSO login succeeds without the "Invalid access policy" error.

Note: A fix for this issue will be included in a future release.