"Error occurred while configuring the component for SSO" reported during Identity Component configuration on VCF 9.x
search cancel

"Error occurred while configuring the component for SSO" reported during Identity Component configuration on VCF 9.x

book

Article ID: 436874

calendar_today

Updated On:

Products

VMware vCenter Server VCF Operations

Issue/Introduction

  • Attempting to configure VCF Single Sign-On (SSO) for a workload domain vCenter, the configuration may fail with "Error occurred while configuring the component for SSO. Check Support Logs under Control Panel for more details." 

  • /storage/log/vcops/vcops-bridge.log: (on VCF Operations)

YYYY-MM-DDTHH:MM:SS INFO  vcfops-bridge <PID> [ops@<ID> threadId="<TID>" threadName="DistTaskAuthSourceTaskTimer"] [com.vmware.vcops.bridge.server.vidb.persistence.VidbAuthSourceService.updateAuthSource] -
 Updating the Auth source configuration AuthSourceConfig{vidbResourceId='<UUID>', clientId='null', vidbHostname='<VIDB FQDN>', vcfInstanceId='<Instance ID>', vcfComponentId=<component ID>, componentHostname='<Workload vCenter FQDN>', errorMessage='API call https://<Workload vCenter FQDN>/api/session failed with status 401 and error {"error_type":"UNAUTHENTICATED","messages":[]}', componentType=VCENTER, status=FAILED, createdAt=<>, lastActiveTime=<>, editable=true, updatedAt=<>}

Environment

VMware Cloud Foundation (VCF) 9.x

vCenter 9.x

Cause

The issue is caused by a synchronization or connectivity drift between the VCF instance and the workload domain vCenter after the upgrade. The "Object Down" status indicates the VCF Operations appliance cannot establish a valid API session, resulting in a 401 UNAUTHENTICATED error during the SSO component registration

Navigating to Ops Console > Administration > Integration > VCF Instance shows the Workload Domain vCenter with:

State: Collecting
Status: Object Down
Message: Unable to connect to VC

Resolution

Proceed to update the credential for workload vCenter Instance

  1. Log in to the VCF Operations (Operations Console) UI
  2. Navigate to Administration -> Integration -> Accounts -> VMware Cloud Foundation -> VCF Instance
  3. Identify the workload domain vCenter reporting the Object Down status
  4. Perform a manual Reconfigure for that specific vCenter instance
    1. Click on the vertical ellipsis (⋮) next to the affected workload vCenter Instance and click edit
    2. Update the Credential section with the updated password of the configured user

Note: If the registration is using System Managed Credential, this manual step is not required

  1. Verify the status returns to healthy/connected
  2. Return to Fleet Management > Identity & Access > VCF Instances and retry the SSO Configure Component

Additional Information

To clean stale identity source, Refer to Unable to configure VCF SSO vCenter component for workload domain

Validate if there is a restriction to configure external IDP using Unable to Configure VCF SSO for vCenter Component in Workload Domain Managed by SDDC Manager or Fleet Manager

Powered by Wolken Software