...
Web client login to vCenter fails with "Invalid Credential".

In the websso.log, you see entries similar to:

[2019-05-10T12:28:00.720+12:00 tomcat-http--37 domain.local fa32f63f-7e22-434d-9bf3-8700c526a4ee ERROR com.vmware.identity.samlservice.impl.CasIdmAccessor] Caught exception.
com.vmware.identity.idm.IDMLoginException: Native platform error [code: -1073741809][null][null]
    at com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:124) ~[vmware-identity-idm-server-7.0.0.jar:?]
    at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:9757) ~[vmware-identity-idm-server-7.0.0.jar:?]
    at com.vmware.identity.idm.client.CasIdmClient.authenticate(CasIdmClient.java:1263) ~[vmware-identity-idm-client-7.0.0.jar:?]
    at com.vmware.identity.samlservice.impl.CasIdmAccessor.authenticate(CasIdmAccessor.java:470) [websso-7.0.0.jar:?]
    at com.vmware.identity.samlservice.impl.AuthnRequestStatePasswordAuthenticationFilter.authenticate(AuthnRequestStatePasswordAuthenticationFilter.java:95) [websso-7.0.0.jar:?]
    at com.vmware.identity.samlservice.impl.AuthnRequestStatePasswordAuthenticationFilter.authenticate(AuthnRequestStatePasswordAuthenticationFilter.java:45) [websso-7.0.0.jar:?]
    at com.vmware.identity.samlservice.impl.AuthnRequestStateCookieWrapper.authenticate(AuthnRequestStateCookieWrapper.java:123) [websso-7.0.0.jar:?]
    at com.vmware.identity.samlservice.impl.AuthnRequestStateCookieWrapper.authenticate(AuthnRequestStateCookieWrapper.java:43) [websso-7.0.0.jar:?]
    at com.vmware.identity.samlservice.AuthnRequestState.authenticate(AuthnRequestState.java:463) [websso-7.0.0.jar:?]
    at com.vmware.identity.BaseSsoController.processSsoRequest(BaseSsoController.java:89) [websso-7.0.0.jar:?]
    at com.vmware.identity.SsoController.sso(SsoController.java:100) [websso-7.0.0.jar:?]
    at sun.reflect.GeneratedMethodAccessor169.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_202]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_202]
[2019-05-10T12:28:00.730+12:00 tomcat-http--37 domain.local fa32f63f-7e22-434d-9bf3-8700c526a4ee INFO auditlogger] {"user":"username@domain.com","client":"xx.xx.xx.xx","timestamp":"05/10/2019 12:28:00 NZST","description":"User username@domain.com@<ip addr> failed to log in with response code 401","eventSeverity":"INFO","type":"com.vmware.sso.LoginFailure"}
[2019-05-10T12:28:00.730+12:00 tomcat-http--37 domain.local fa32f63f-7e22-434d-9bf3-8700c526a4ee ERROR com.vmware.identity.samlservice.AuthnRequestState] Caught Saml Service Exception from authenticate com.vmware.identity.samlservice.SamlServiceException
[2019-05-10T12:28:00.730+12:00 tomcat-http--37 domain.local fa32f63f-7e22-434d-9bf3-8700c526a4ee INFO com.vmware.identity.samlservice.impl.SAMLAuthnResponseSender] Responded with ERROR 401 message Invalid credentials
[2019-05-10T12:28:00.730+12:00 tomcat-http--37 domain.local fa32f63f-7e22-434d-9bf3-8700c526a4ee INFO com.vmware.identity.BaseSsoController] End processing SP-Initiated SSO response. Session was created.
[2019-05-10T12:28:19.959+12:00 tomcat-http--18 domain.local 5510ee91-12ab-4d0b-a541-dc5045c7420c INFO com.vmware.identity.SsoController] Welcome to SP-initiated AuthnRequest handler! The client locale is en_GB, tenant is domain.local
[2019-05-10T12:28:19.959+12:00 tomcat-http--18 domain.local 5510ee91-12ab-4d0b-a541-dc5045c7420c INFO com.vmware.identity.SsoController] Request URL is https://v-vcs-psc.vmware.com/websso/SAML2/SSO/domain.local
[2019-05-10T12:28:20.005+12:00 tomcat-http--18 domain.local 3877ddc2-42fe-4c04-a7b3-ae9bdd2f4f90 INFO com.vmware.identity.samlservice.impl.AuthnRequestStateValidator] Authn request proxyCount= null set isProxying=false
[2019-05-10T12:28:20.012+12:00 tomcat-http--18 domain.local 3877ddc2-42fe-4c04-a7b3-ae9bdd2f4f90 INFO com.vmware.identity.samlservice.impl.AuthnRequestStateValidator] Authentication request validation succeeded
[2019-05-10T12:28:20.018+12:00 tomcat-http--18 domain.local 3877ddc2-42fe-4c04-a7b3-ae9bdd2f4f90 INFO com.vmware.identity.idm.server.provider.activedirectory.ActiveDirectoryProvider] Failed to retrieve default UPN for principal username@domain.com
com.vmware.identity.idm.InvalidPrincipalException: Principal id username@domain.com does not exist

The "Do not require Kerberos preauthentication" flag is set to enabled in Active Directory.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

To resolve this issue, uncheck the "Do not require Kerberos preauthentication" option in Active Directory.
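
To identify which logins are hitting this error, the following added example (not part of the original article and not VMware code) correlates the native platform error code -1073741809 with the LoginFailure audit entry that shares its correlation ID. The header layout is inferred from the excerpt above, the sample log is constructed, and the function names are hypothetical.

```python
import json
import re

# Entry header inferred from the excerpt: [timestamp thread tenant correlation-id LEVEL logger]
HEADER = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+[+-]\d{2}:\d{2}) \S+ \S+ "
    r"(?P<corr>[0-9a-f-]{36}) [A-Z]+\s+(?P<logger>[^\]\s]+)\]")
NATIVE_ERROR = re.compile(r"IDMLoginException: Native platform error \[code: (-?\d+)\]")

def split_entries(text):
    """Yield (header fields, body); works on newline-separated or run-together logs."""
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        # Everything up to the next header (stack trace included) is this entry's body.
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield m.groupdict(), text[m.end():end].strip()

def failed_logins_with_native_error(text, code=-1073741809):
    """Return (timestamp, user, client) for LoginFailure audit events whose
    correlation id also logged the given native platform error code."""
    flagged, audits = set(), []
    for head, body in split_entries(text):
        m = NATIVE_ERROR.search(body)
        if m and int(m.group(1)) == code:
            flagged.add(head["corr"])
        elif head["logger"] == "auditlogger":
            try:
                event = json.loads(body)
            except ValueError:
                continue  # truncated or non-JSON audit line
            if event.get("type") == "com.vmware.sso.LoginFailure":
                audits.append((head, event))
    return [(h["ts"], e.get("user"), e.get("client"))
            for h, e in audits if h["corr"] in flagged]

# Constructed sample modelled on the excerpt: one failure with the native
# error, one ordinary failure (different correlation id) that must be ignored.
_P = "[2019-05-10T12:%s+12:00 tomcat-http--37 domain.local %s %s] "
_A, _B = "fa32f63f-7e22-434d-9bf3-8700c526a4ee", "11111111-2222-3333-4444-555555555555"
_J = '{"user":"%s","client":"xx.xx.xx.xx","type":"com.vmware.sso.LoginFailure"}\n'
SAMPLE = (
    _P % ("28:00.720", _A, "ERROR com.vmware.identity.samlservice.impl.CasIdmAccessor")
    + "Caught exception.\ncom.vmware.identity.idm.IDMLoginException: "
      "Native platform error [code: -1073741809][null][null]\n"
      "\tat com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:124)\n"
    + _P % ("28:00.730", _A, "INFO auditlogger") + _J % "username@domain.com"
    + _P % ("31:02.101", _B, "INFO auditlogger") + _J % "other@domain.com")

if __name__ == "__main__":
    print(failed_logins_with_native_error(SAMPLE))
```

Each returned user is an account whose "Do not require Kerberos preauthentication" setting is worth checking in Active Directory.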