"[400] An error occurred while sending an authentication request" while logging in to vSphere Client using the vCenter Server shortname
search cancel

"[400] An error occurred while sending an authentication request" while logging in to vSphere Client using the vCenter Server shortname

book

Article ID: 318196

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Logging onto vSphere Client using the vCenter Server shortname results in the following error:
[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server- An error occurred when processing meta data during vCenter Single Sign-On setup:the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias.
 
[400] An error occurred while sending an authentication request in vCenter-UI
  • Issue is not observed while using the Fully Qualified Domain Name (FQDN) or IP address resolve reverse to the FQDN of the vCenter Server


Environment

VMware vCenter Server 7.0.x

Resolution


This is an expected behavior.
VMware vSphere 7.0 enforce FQDN or IP address reverse resolvable to FQDN to allow authentication for Single-Sign on.

Workaround:

Process to workaround the issue:

To enable short name access to vCenter, add the desired shortname in webclient.properties file.
Note: Ensure you have a backup of vCenter Server Appliance (vcsa) before making any changes

  1. Log in to the vCenter Server via SSH/PuTTY session as root, and enable shell
  2. Stop the vSphere client service using below command
service-control --stop vsphere-ui
  1. Navigate to the vsphere-ui location to edit webclient.properties
cd /etc/vmware/vsphere-ui/
  1. Before editing take a backup of webclient.properties  using below command,
    • cp webclient.properties /var/tmp/webclient.properties.bak
  2. Add the desired shortname under the sso.serviceprovider.alias.whitelist
  • vi webclient.properties
  • Type i to enter insert mode
  • Remove the comment (#) for sso.serviceprovider.alias.whitelist=
  • Add the shortname (comma separated if there are multiple values)
  • Save and exit the VI editor by pressing Esc to exit insert mode, then wq!
  • Example:
    • sso.serviceprovider.alias.whitelist=vcsa70
  1. Start the vSphere client service.
service-control --start vsphere-ui


Powered by Wolken Software