Error: "java.lang.IllegalArgumentException: Missing attribute '<claim>' in attributes" when configuring OIDC connection to Entra IdP in VCFA
Article ID: 438946

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • When configuring OpenID Connect (OIDC) in VMware Cloud Foundation Automation (VCFA), you cannot use preferred_username or a custom claim as the Subject.
  • In the tenant manager, the configuration fails and the following error is observed:
    • java.lang.IllegalArgumentException: Missing attribute 'preferred_username' in attributes
  • The claim in question is nonetheless shown in the list of claims.
  • This issue may also affect other Identity Providers: see the Cause and Resolution sections for details.

Environment

  • VMware Cloud Foundation Automation 9.0.x
  • VMware Cloud Foundation Automation 9.1.0.x
  • Microsoft Entra (IdP)

Cause

VCFA 9.0.x can only use claims that are present in the userinfo response as the primary attribute for establishing the user.

Microsoft hard-codes the userinfo endpoint in Entra, and the set of claims it returns cannot be customised:
  https://learn.microsoft.com/en-us/entra/identity-platform/userinfo#notes-and-caveats-on-the-userinfo-endpoint

Resolution

This is a known issue and a fix is planned for a future release. For more information, please contact Broadcom Support.

Workaround

If you are using an Azure AD B2C variant of Entra ID, it may be possible to alter the userinfo response by using custom policies:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/userinfo-endpoint?pivots=b2c-custom-policy

If you are not using B2C Entra ID, Microsoft provides another endpoint that may be reachable with the same access token:
https://graph.microsoft.com/v1.0/me
It may be possible to configure that endpoint as the userinfo endpoint in VCFA and set the attribute mapping to the fields it provides.

The Graph API uses different attribute names, but in particular, id should be tenant-unique.
The User Principal Name (UPN) may also be worth considering as the primary attribute.
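The following is an added example, not code from VCFA or Microsoft, showing the pre-flight check a practitioner would want before choosing a Subject claim: does the claim actually appear in the response VCFA will read? The two sample responses are constructed here from documented field names (the Entra userinfo claim set and a Graph /me document); in practice you would fetch each with the user's access token. The GRAPH_TO_OIDC mapping is an assumption about which Graph field you would map to which OIDC claim name, not a VCFA default.

```python
"""Pre-flight check for the 'Missing attribute' failure described above.

Added example, not VCFA or Microsoft code. Sample responses are constructed
from documented field names; a real check would GET the userinfo endpoint
and https://graph.microsoft.com/v1.0/me with the user's access token.
"""
import json

# Constructed sample: the fixed claim set Entra's userinfo endpoint returns.
# Note there is no preferred_username here, which is the root of the error.
ENTRA_USERINFO = json.dumps({
    "sub": "AAAAAAAAAAAAAAAAAAAAAEXAMPLE",
    "name": "Alice Example",
    "family_name": "Example",
    "given_name": "Alice",
    "picture": "https://graph.microsoft.com/v1.0/me/photo/$value",
    "email": "alice@example.com",
})

# Constructed sample: shape of a Graph /me response for the same user.
GRAPH_ME = json.dumps({
    "id": "00000000-0000-0000-0000-000000000001",
    "userPrincipalName": "alice@example.com",
    "displayName": "Alice Example",
    "givenName": "Alice",
    "surname": "Example",
    "mail": "alice@example.com",
})

# Assumed mapping from Graph field names to OIDC claim names (hypothetical;
# adjust to whatever attribute names your VCFA mapping expects).
GRAPH_TO_OIDC = {
    "id": "sub",                          # tenant-unique object id
    "userPrincipalName": "preferred_username",
    "displayName": "name",
    "givenName": "given_name",
    "surname": "family_name",
    "mail": "email",
}


def missing_attributes(userinfo_json: str, required: list) -> list:
    """Return the required claims that are absent or empty in a userinfo response."""
    attrs = json.loads(userinfo_json)
    return [claim for claim in required if not attrs.get(claim)]


def check_subject_claim(userinfo_json: str, subject_claim: str) -> str:
    """Reproduce the check that fails in VCFA: the Subject claim must be present."""
    missing = missing_attributes(userinfo_json, [subject_claim])
    if missing:
        return f"Missing attribute '{missing[0]}' in attributes"
    return "ok"


def graph_me_as_claims(graph_json: str) -> dict:
    """Translate a Graph /me document into OIDC-style claim names using the assumed mapping."""
    doc = json.loads(graph_json)
    return {GRAPH_TO_OIDC[k]: v for k, v in doc.items() if k in GRAPH_TO_OIDC and v}


if __name__ == "__main__":
    # Against the Entra userinfo endpoint the configuration fails.
    print("userinfo:", check_subject_claim(ENTRA_USERINFO, "preferred_username"))
    # Against Graph /me with a field mapping, the same claim is available.
    mapped = json.dumps(graph_me_as_claims(GRAPH_ME))
    print("graph /me:", check_subject_claim(mapped, "preferred_username"))
    print("unmapped fields:", missing_attributes(mapped, ["sub", "preferred_username", "email"]))
```

Run the script with a captured userinfo or Graph response in place of the constructed samples to see which claims VCFA would actually be able to read before changing the tenant configuration.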