When attempting to log in to the vCenter Server UI, the following red banner error is received:
[500] An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: Empty SSO response string.
Additionally, SDDC Manager shows the error below:
The logging below is observable in the vCenter Server log file /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log:
[YYYY-MM-DDTHH:MM:SS.sssZ] [ERROR] nio-127.0.0.1-5090-exec-2716 xxxxxxxx xxxxxx ###### com.vmware.vim.sso.client.impl.SoapBindingImpl Error communicating to the remote server http://localhost:1080/external-vecs/http2/VCENTER_FQDN/443/sts/STSService/vsphere.local
com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 503: Service Unavailable
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:310)
[YYYY-MM-DDTHH:MM:SS.sssZ] [ERROR] nio-127.0.0.1-5090-exec-2716 xxxxxxxx xxxxxx ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler Error during authentication
com.vmware.vcenter.apigw.session.SessionCreationException: Invalid token
Caused by: com.vmware.vcenter.apigw.api.sso.SsoServiceException: Token validation failed
    at com.vmware.vcenter.apigw.sso.impl.SsoServiceImpl.validateToken(Unknown Source)
    ... 228 common frames omitted
Caused by: com.vmware.vim.sso.client.exception.ServerCommunicationException: Error communicating to the remote server http://localhost:1080/external-vecs/http2/VCENTER_FQDN/443/sts/STSService/vsphere.local
    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:996)
    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:902)
    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.validateToken(SecurityTokenServiceImpl.java:267)
    at com.vmware.vcenter.apigw.sso.impl.SsoServiceImpl.lambda$validateToken$10(Unknown Source)
    at com.vmware.vcenter.apigw.sso.impl.SsoServiceImpl.invokeStsClient(Unknown Source)
    ... 229 common frames omitted
Caused by: com.vmware.vim.sso.client.exception.ServerCommunicationException: Error communicating to the remote server http://localhost:1080/external-vecs/http2/VCENTER_FQDN/443/sts/STSService/vsphere.local
    at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:226)
VCF 5.x
vCenter Server 8.x
When the vSphere Client UI sends a login request, a SAML token is expected to be returned by the STS service.
Instead, the STS service returns a 503 Service Unavailable response. With no token in the response, the vSphere Client UI reports "Empty SSO response string" and returns a 500 error.
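To confirm that a failed login matches this cause rather than another token validation problem, the check below (an added example, not part of the original article or of VMware tooling) pairs each STS 503 in vsphere_client_virgo.log with the "Invalid token" error on the same request thread. The function names and the sample log lines are constructed; the matched strings are the ones in the excerpt above.

```shell
#!/bin/sh
# Added example. Strings matched are taken from the log excerpt in this article.
# Assumption: a login attempt logs the STS 503 and the resulting "Invalid token"
# on the same request thread (exec-N), as in that excerpt.

# Prints: sts_503=<n> login_failed_sts=<n> login_failed_other=<n>
classify_sso_failures() {
    awk '
        /^\[/ {   # new log entry: remember its thread and which component wrote it
            thread = ""
            if (match($0, /exec-[0-9]+/)) thread = substr($0, RSTART, RLENGTH)
            sts  = ($0 ~ /STSService/)
            auth = ($0 ~ /SsoAuthenticationHandler/)
        }
        # The 503 may sit on the entry line or on a continuation line below it.
        /HTTP status code 503/ && sts { pending[thread] = 1; n503++ }
        /Invalid token/ && auth {
            if (thread in pending) { hit++; delete pending[thread] }
            else other++          # token rejected without a preceding STS 503
        }
        END { printf "sts_503=%d login_failed_sts=%d login_failed_other=%d\n", n503, hit, other }
    ' "$1"
}

# Constructed sample log (timestamps and thread numbers are invented).
write_sample_log() {
    cat > "$1" <<'EOF'
[2024-01-01T10:00:00.000Z] [ERROR] nio-127.0.0.1-5090-exec-11 com.vmware.vim.sso.client.impl.SoapBindingImpl Error communicating to the remote server http://localhost:1080/external-vecs/http2/VCENTER_FQDN/443/sts/STSService/vsphere.local
com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 503: Service Unavailable
[2024-01-01T10:00:00.010Z] [ERROR] nio-127.0.0.1-5090-exec-11 com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler Error during authentication com.vmware.vcenter.apigw.session.SessionCreationException: Invalid token
[2024-01-01T10:07:00.000Z] [ERROR] nio-127.0.0.1-5090-exec-12 com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler Error during authentication com.vmware.vcenter.apigw.session.SessionCreationException: Invalid token
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
classify_sso_failures "$sample"
rm -f "$sample"
```

On the appliance, pass /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log as the argument. A non-zero login_failed_other count points to a token failure that the STS 503 does not explain.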
Either restart the services on the vCenter Server or reboot the vCenter VM to ensure that the STS service returns the expected SAML token.
To restart the services, run:
service-control --restart --all