When logging in through the vSphere Web Client, you receive the following error message:
[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server – An error occurred when processing metadata during vCenter Single Sign-On setup: the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias.
The problem happens when your vCenter has several domain names or is behind NAT. The FQDN or IP address you connected with is simply not accepted by Single Sign-On (SSO).
Connect to vCenter via SSH. Drop into shell:
shell
Let’s look at the Single-Sign-On settings.
cd /etc/vmware/vsphere-ui/
cat webclient.properties | grep whitelist
No whitelist is set. Let’s uncomment this option and add the required aliases, separated by commas. These are normally the names we specify when creating an SSL certificate. First, stop the vsphere-ui service:
service-control --stop vsphere-ui
Make a backup of the config:
cp webclient.properties /var/tmp/webclient.properties.bak
Edit webclient.properties:
vim webclient.properties
Add FQDN aliases separated by commas.
Start the vsphere-ui service:
service-control --start vsphere-ui
Authentication will now work on every FQDN you added to the whitelist.
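The manual edit above can also be scripted so that it is repeatable and refuses anything that is not in FQDN format. The following is an added example, not VMware's code or part of the original procedure; the property name sso.serviceprovider.alias.whitelist, the FQDN pattern and the sample hostnames are assumptions of the example, so confirm the key against your own grep output.

```shell
#!/bin/sh
# Added example: idempotent edit of the SSO alias whitelist in webclient.properties.
KEY='sso.serviceprovider.alias.whitelist'   # assumed key name; confirm with the grep above
KEY_RE=$(printf '%s' "$KEY" | sed 's/\./\\./g')
# FQDN shape enforced by this example: dotted labels, alphabetic last label (so no IPs).
FQDN_RE='([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}'

# Succeeds only if $1 is a single-line, comma-separated list of FQDNs.
valid_alias_list() {
    case $1 in *'
'*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "^${FQDN_RE}(,${FQDN_RE})*$"
}

# Print the active (uncommented) whitelist value; prints nothing if it is unset.
get_whitelist() {
    sed -n "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# set_whitelist FILE ALIASES: back up FILE, then leave exactly one active key line.
set_whitelist() {
    file=$1 aliases=$2
    valid_alias_list "$aliases" || { echo "rejected alias list: $aliases" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    # Drop every existing key line, commented or active, then append the new one.
    sed "/^[[:space:]]*#\{0,1\}[[:space:]]*${KEY_RE}[[:space:]]*=/d" "$file" > "$tmp" || return 1
    printf '%s=%s\n' "$KEY" "$aliases" >> "$tmp"
    # Write through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Demo on a constructed sample file (hypothetical hostnames, not a real vCenter config).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'example.other.setting=true' "#$KEY=" > "$d/webclient.properties"
    set_whitelist "$d/webclient.properties" 'vc01.corp.example,vcenter.example.com' || return 1
    get_whitelist "$d/webclient.properties"
    rm -rf "$d"
}
demo
```

On a real appliance, call set_whitelist between the service-control --stop and --start steps. Keep the list to names you actually serve, since every alias in it is treated as a trusted service provider alias.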