When attempting to log in to the VMware Cloud Director (VCD) 10.6.1 Provider or Tenant portal using either local administrator credentials or Single Sign-On (SSO) authentication, the login attempt fails.
Users may encounter the error message: “Your Single Sign-On attempt failed.”
Authentication-related errors in the VMware Cloud Director logs show failures to obtain access tokens. These errors correspond to the expired OIDC keys and the resulting login failures across the UI.
| DEBUG | pool-jetty-69354 | OAuthFilter | Could not obtain access token | requestId=bxxxxxx-xxxx-xxxxx-xxxx-9dxxxxxxx, request=GET https://hostname.xxxx.xxxx.xxxxx.xxx.com/login/oauth, requestTime=176xxxxxxxx, remoteAddress=<ipaddress>, userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) ...
This prevents proper authentication, resulting in login failures for users across the UI.
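One way to triage the log signature quoted above, added here as an example and not Broadcom's or VMware's code: it parses `OAuthFilter | Could not obtain access token` entries and counts the clients affected. The sample lines, the leading timestamp format, and the `min_clients` threshold (a heuristic for "many users are failing, not one") are assumptions constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the entry quoted in this article; the
# timestamps, IDs, hostname and addresses are made up for the example.
SAMPLE_LOG = """\
2025-01-01 10:00:01,123 | DEBUG | pool-jetty-101 | OAuthFilter | Could not obtain access token | requestId=aaaa-1111, request=GET https://vcd.example.test/login/oauth, requestTime=1700000000001, remoteAddress=192.0.2.10, userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
2025-01-01 10:00:05,456 | DEBUG | pool-jetty-102 | OAuthFilter | Could not obtain access token | requestId=bbbb-2222, request=GET https://vcd.example.test/login/oauth, requestTime=1700000004002, remoteAddress=192.0.2.11, userAgent=curl/8.0
2025-01-01 10:00:06,000 | INFO | pool-jetty-103 | SomeOtherComponent | Unrelated message | requestId=cccc-3333
| DEBUG | pool-jetty-104 | OAuthFilter | Could not obtain access token | requestId=dddd-4444, request=GET https://vcd.example.test/login/oauth, requestTime=1700000009003, remoteAddress=192.0.2.10, userAgent=Mozilla/5.0
"""

# key=value pairs: a value runs to the next ", key=" or end of line, so commas
# inside userAgent ("KHTML, like Gecko") do not split the field.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def parse_line(line):
    """Return the fields of an OAuthFilter token-failure entry, else None."""
    parts = [p.strip() for p in line.split("|", 5)]
    if len(parts) != 6:
        return None
    _prefix, _level, _thread, component, message, fields = parts
    if component != "OAuthFilter" or message != "Could not obtain access token":
        return None
    return dict(FIELD_RE.findall(fields))


def summarize(lines, min_clients=2):
    """Count token failures per client; min_clients is an assumed threshold."""
    hits = [f for f in map(parse_line, lines) if f is not None]
    clients = Counter(f.get("remoteAddress", "unknown") for f in hits)
    times = sorted(int(f["requestTime"]) for f in hits
                   if f.get("requestTime", "").isdigit())
    return {
        "failures": len(hits),
        "clients": dict(clients),
        "first_request_time": times[0] if times else None,
        "last_request_time": times[-1] if times else None,
        # Assumed heuristic: failures from several clients suggest a
        # service-side cause rather than one user's login problem.
        "widespread": len(clients) >= min_clients,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

The entry is logged at DEBUG level, so it only appears where debug output is being captured.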
VMware vCloud Director 10.6
The OIDC Key Rotation job is associated with a VMware Cloud Director cell that is in an inactive state. The job does not execute as scheduled to refresh the Single Sign-On (SSO) authentication keys. Since the keys are not rotated periodically, they expire and cause authentication issues.
To resolve this issue, please open a Support Request with Broadcom Technical Support and note this Article ID (428009) in the problem description. For more information, see Creating and managing Broadcom support cases.