This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Azure Active Directory (AD) and Single Sign‑On for VMware Tanzu Application Service.

Failed Login

Symptom

You cannot log in to your Single Sign‑On plan.

Solution

Possible solutions are as follows:

  • VMware recommends using a different browser or deleting your browser cache and history before you log in to your Single Sign‑On plan. Logging in to your Single Sign‑On plan can fail if you are already logged in to Azure AD as the Global Administrator account that was used to set up all the configurations.

  • If your login fails more than five times, Azure locks your account for 30 minutes. There is currently no way to unlock an account in Azure AD, so wait for the lockout period to end.

  • VMware recommends testing your Single Sign‑On plan from Azure AD to see the contents of the SAML assertion. For more information, see Test Your Configurations in Azure AD.

App ID Not Found

Symptom

You see an error similar to the following screenshot:

The error message on the sign in page reads: Sorry, but we're having trouble signing you in. We received a bad request.

Explanation

The App ID URI is misconfigured on Azure AD.

Reply URL Does Not Match

Symptom

You see an error similar to the following screenshot:

The error message on the sign in page reads: Sorry, but we're having trouble signing you in. We received a bad request.

Explanation

The Reply URL is misconfigured on Azure AD.

Missing Name ID

Symptom

You see an error similar to the following screenshot:

In the Identity provider metadata section of a plan pane, the error message below the Fetch Metadata button reads: Error processing metadata.

Explanation

The identity provider metadata contains RoleDescriptor elements or is missing configurations for Name ID. See Configure Identity Provider Metadata.
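
Both conditions named in this explanation can be checked on a saved copy of the metadata before it is submitted in the plan pane. The following Python check is an added example, not VMware or Microsoft code; it assumes that "configurations for Name ID" means a NameIDFormat element inside IDPSSODescriptor, and the sample metadata and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

def check_idp_metadata(xml_text):
    """Return findings for the two causes of 'Error processing metadata'."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    # Cause 1: RoleDescriptor elements anywhere in the document.
    roles = list(root.iter(MD + "RoleDescriptor"))
    if roles:
        findings.append(f"{len(roles)} RoleDescriptor element(s) present")
    # Cause 2 (assumption): Name ID configuration = a non-empty NameIDFormat
    # child of each IDPSSODescriptor.
    idps = list(root.iter(MD + "IDPSSODescriptor"))
    if not idps:
        findings.append("no IDPSSODescriptor element")
    for idp in idps:
        formats = [f for f in idp.findall(MD + "NameIDFormat")
                   if f.text and f.text.strip()]
        if not formats:
            findings.append("IDPSSODescriptor has no NameIDFormat")
    return findings

# Constructed sample metadata (not real tenant data).
TEMPLATE = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="https://idp.example.test/constructed">
  {role}
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    {name_id}
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""
ROLE = ('<RoleDescriptor xsi:type="ExampleType" '
        'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>')
NAME_ID = ("<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
           "</NameIDFormat>")

BAD = TEMPLATE.format(role=ROLE, name_id="")    # triggers both findings
GOOD = TEMPLATE.format(role="", name_id=NAME_ID)  # passes both checks

if __name__ == "__main__":
    for label, doc in (("bad", BAD), ("good", GOOD)):
        print(label, check_idp_metadata(doc) or "no findings")
```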
