After deleting SSO integration in VCF Operations 9.x , unable to login using SSO


Article ID: 427277


Updated On:

Products

VCF Operations

Issue/Introduction

After deleting and subsequently re-creating the Single Sign-On (SSO) integration in VCF Operations 9.x, users are unable to log in using SSO credentials.

When a user attempts to authenticate through the VCF Operations or vCenter UI, the following error message is displayed: "Authentication was unsuccessful. Verify your credentials or contact your administrator if the issue persists."

Environment

VMware Cloud Foundation (VCF) Operations 9.x

Cause

The Directory Search Attribute in the identity source configuration does not match the Active Directory attribute to which the unique identifier in VCF Identity Broker is mapped: it is set to sAMAccountName while the identifier is a userPrincipalName, or to userPrincipalName while the identifier is a sAMAccountName. The directory lookup for the authenticated user then returns no match, and the login is rejected even though the credentials are valid.

Note: the same symptom can also occur when VCF Operations SSO has been reset and vCenter still holds a stale SSO managed-status ownership entry under 'Configure' → 'Settings' → 'Advanced Settings', key 'config.OPERATIONS.vcf.sso.ops.cluster.id'.

Resolution

To resolve this issue, update the identity source configuration so that the Directory Search Attribute matches the Active Directory attribute mapped as the unique identifier in VCF Identity Broker.

  1. Log in to the VCF Operations admin UI using a local administrator account.

  2. Navigate to the Authentication Sources or SSO Configuration settings.

  3. Select the relevant Identity Source/SSO integration and click Edit.

  4. Locate the Directory Search Attribute field.

  5. Set the value to match the Active Directory attribute to which the unique identifier is mapped in VCF Identity Broker: change sAMAccountName to userPrincipalName, or userPrincipalName to sAMAccountName.

  6. Save the configuration.

  7. Attempt to log in using an SSO account to verify the fix.

Note, if SSO has been reset and vCenter still shows a stale Managed SSO configuration,

Additional Information

Configure VCF SSO with modern identity provider for authentication and AD/LDAP for user-group provisioning.

Important

  • Ensure that the unique identifier in VCF Identity Broker is mapped to an attribute name from Active Directory; this mapping is mandatory.
  • Ensure that the values of the unique identifier in both systems are equal, not merely that the attribute names correspond.
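A practical way to decide which attribute to select in step 5, and to confirm the two points above, is to pull the candidate attributes for the affected account from Active Directory (for example with ldapsearch, requesting sAMAccountName and userPrincipalName) and compare them with the identifier that VCF Identity Broker actually sends. The script below is an added example, not part of this article or of VCF Operations: it reads an LDIF dump, reports which attribute uniquely resolves the identifier, and tells you whether the Directory Search Attribute or the Identity Broker mapping is the thing to fix. The LDIF is a constructed sample (fictitious domain corp.example), and the function names are the example's own.

```python
"""Decide which AD attribute the VCF Operations 'Directory Search Attribute'
must use, given an ldapsearch LDIF dump and the identifier the VCF Identity
Broker sends for the user. Added example; not from the KB article."""
import base64
from typing import Dict, List, Optional

# Constructed sample of what
#   ldapsearch -LLL ... "(objectClass=user)" sAMAccountName userPrincipalName
# returns for two accounts. Fictitious directory, not data from the article.
# The second UPN is base64-encoded ('::') the way ldapsearch emits it when a
# value is not safe to print as-is; the parser must decode it.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Users,DC=corp,DC=example
sAMAccountName: jdoe
userPrincipalName: jane.doe@corp.example

dn: CN=svc-ops,OU=Service,DC=corp,DC=example
sAMAccountName: svc-ops
userPrincipalName:: c3ZjLW9wc0Bjb3JwLmV4YW1wbGU=
"""

# The two attributes the VCF Operations setting can be switched between.
CANDIDATE_ATTRS = ("sAMAccountName", "userPrincipalName")


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader: blank line ends an entry, 'attr:: v' is base64,
    a line starting with a space continues the previous value."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    last_attr: Optional[str] = None
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last_attr:
            current[last_attr][-1] += line[1:]
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip(), []).append(value.strip())
        last_attr = attr.strip()
    if current:
        entries.append(current)
    return entries


def matches(entry: Dict[str, List[str]], attr: str, identifier: str) -> bool:
    """AD compares sAMAccountName and userPrincipalName case-insensitively."""
    return any(v.lower() == identifier.lower() for v in entry.get(attr, []))


def find_search_attribute(identifier: str,
                          entries: List[Dict[str, List[str]]]) -> Optional[str]:
    """Return the candidate attribute whose value equals the identifier for
    exactly one entry (the attribute the setting should use), else None."""
    for attr in CANDIDATE_ATTRS:
        hits = [e for e in entries if matches(e, attr, identifier)]
        if len(hits) == 1:
            return attr
    return None


def diagnose(identifier: str, configured_attr: str,
             entries: List[Dict[str, List[str]]]) -> str:
    """Explain whether the configured Directory Search Attribute resolves the
    identifier, and if not, which side of the integration needs changing."""
    if any(matches(e, configured_attr, identifier) for e in entries):
        return f"ok: '{configured_attr}' resolves {identifier}"
    needed = find_search_attribute(identifier, entries)
    if needed:
        return (f"mismatch: change Directory Search Attribute from "
                f"{configured_attr} to {needed}")
    # Neither attribute holds this value: the Identity Broker is sending
    # something else (typically mail instead of UPN), so the mapping is wrong.
    return ("no match: no candidate attribute holds this value; fix the unique "
            "identifier mapping in VCF Identity Broker")


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    # Three cases: correct setting, wrong attribute, wrong identifier value.
    for ident, attr in (("jdoe", "sAMAccountName"),
                        ("jane.doe@corp.example", "sAMAccountName"),
                        ("jdoe@corp.example", "userPrincipalName")):
        print(f"{ident:28} {attr:18} -> {diagnose(ident, attr, directory)}")
```

To use it against a real directory, export the account with something like `ldapsearch -LLL -x -H ldap://dc.corp.example -D <bind-dn> -W -b <base-dn> "(sAMAccountName=jdoe)" sAMAccountName userPrincipalName > user.ldif`, pass the file contents to parse_ldif, and call diagnose with the subject value the Identity Broker sends for that login. The third case in the script is the one the "values must be equal" bullet warns about: a mail-style identifier that matches neither attribute cannot be fixed by toggling the search attribute.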

Configure a New VCF Single Sign-On for a VCF Instance

Adding Directories in VMware Cloud Foundation Identity