I'm trying to follow the vSphere Client SDK (6.7 U2) documentation for setting up the development environment and I'm stuck with the following message when trying to access https://localhost:9433/ui.
[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - null.
I'm just trying the simplest thing - to run tomcat server located in vsphere-ui/server. It looks like being started successfully, but in the browser I'm getting the aforementioned message. I should note that I can access and log into the vCenter UI URL without any issues, the error only happens when I access the UI through local server. These are the messages I'm getting in the vsphere_client_virgo.log:
[2020-04-03T15:23:14.173+02:00] [ERROR] cm-catalog-manager-pool-25 com.vmware.vise.vim.security.sso.impl.NgcSolutionUser Solution user login into domain vsphere.local failed. com.vmware.vim.sso.client.exception.AuthenticationFailedException: Request signature is not valid. Check if the confirmation certificate matches the given private key.
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:1070)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:932)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:856)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:477)
at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.acquireTokenByCertificate(SsoUtilInternal.java:987)
at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.login(NgcSolutionUser.java:237)
at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.getLoggedInTokenEx(NgcSolutionUser.java:164)
at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.getLoggedInToken(NgcSolutionUser.java:148)
at com.vmware.vise.vim.lookup.LsCatalogManager.executeDownload(LsCatalogManager.java:1373)
at com.vmware.vise.vim.lookup.LsCatalogManager.downloadResourceBundle(LsCatalogManager.java:1326)
[2020-04-03T15:23:14.172+02:00] [ERROR] cm-catalog-manager-pool-25 com.vmware.vim.sso.client.impl.SoapBindingImpl SOAP fault com.sun.xml.internal.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Signature is invalid. Please see the server log to find more detail regarding exact cause of the failure.
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
I tried to investigate and solve these, but it didn't bring me much further. What I've tried so far:
- Automated registration of local vSphere client
- Manual registration of local vSphere client
- Checking webclient.properties and ds.properties
- Swapping FQDN for IPs and other way around in webclient.properties and ds.properties
- Running ./dev-setup.sh line by line and checking intermediate steps
- Running ./dev-setup.sh with machine certificate instead of vsphere-webclient
- Renewing certificates from vSphere UI (Administration/Certificates/Certificate Management)
- Resetting all certificates from `/usr/lib/vmware/vcma/bin/certificate-manager`
- Different SDK versions (6.7, 6.7 U1, 6.7 U2)
- Changing default identity source in Administration/SSO/Configuration (I have two there – vsphere.local and local OS)
- Syncing time on the vCenter with NTP server
Really lost at this point as nothing seems to work. Help highly appreciated.