VCF Identity Broker encountered an issue during authentication due to AD certificate change

Article ID: 437682


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

1. When trying to log in to VCF Operations using SSO, the following error is shown:

ERROR: VCF Identity Broker encountered an issue during authentication. Please contact your VCF Admin with the below details for resolution.

Environment

VCF Operations 9.x

VCF Identity Broker 9.x

Cause

The underlying cause is a certificate mismatch between the Active Directory (AD) environment and the VCF Identity Broker configuration following an AD certificate renewal.

Resolution

To restore authentication services, please perform the following steps within the VCF interface:

  1. Log in to VCF Operations.
  2. Navigate to Fleet Management > Identity & Access > VCF Instances.
  3. Select the Identity source tab.
  4. Select the relevant identity provider and click Edit.
  5. Upload the updated root certificate for the domain controller.
  6. Click Save.
  7. Select Check/Retry Sync to verify the configuration.

Uploading the new root certificate re-establishes the trust relationship between the VCF Identity Broker and the Active Directory domain controller. Once the sync completes successfully, the authentication handshake is restored, allowing users to log in to the management and workload domains using SSO credentials.
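
A check that can be run before step 5, added here as an example (it is not part of the original article or of any VMware tooling): it confirms that the root certificate you are about to upload is unexpired, is actually a root, and anchors the certificate the domain controller presents after the renewal. The host name, file names, and the use of LDAPS on port 636 to capture the chain are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-upload check of a candidate AD root certificate.
# Host and file names are placeholders, not values from the article.

# Save the chain a domain controller presents.
# Assumption: the identity source talks to the DC over LDAPS (port 636).
# usage: fetch_dc_chain dc01.example.test > dc_chain.pem
fetch_dc_chain() {
  openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Return 0 only if the candidate root is readable, unexpired, self-issued,
# and validates the first certificate in the chain file (the DC's own
# certificate). Any further certificates in that file are treated as
# untrusted intermediates.
# usage: check_root_for_dc root.pem dc_chain.pem
check_root_for_dc() {
  root=$1
  chain=$2
  if ! openssl x509 -in "$root" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: $root is expired or not a readable certificate" >&2
    return 2
  fi
  subj=$(openssl x509 -in "$root" -noout -subject_hash)
  iss=$(openssl x509 -in "$root" -noout -issuer_hash)
  if [ "$subj" != "$iss" ]; then
    echo "FAIL: $root is not self-issued (an intermediate or leaf, not a root)" >&2
    return 3
  fi
  if ! openssl verify -CAfile "$root" -untrusted "$chain" "$chain" >/dev/null 2>&1; then
    echo "FAIL: $root does not anchor the certificate in $chain" >&2
    return 4
  fi
  # Print what will be uploaded so it can be compared after saving.
  openssl x509 -in "$root" -noout -subject -enddate -fingerprint -sha256
}

# Run as a script: ./check_root.sh root.pem dc_chain.pem
if [ "$#" -eq 2 ]; then
  check_root_for_dc "$1" "$2"
fi
```

A non-zero exit means uploading that file would leave the certificate mismatch described under Cause in place.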