This topic tells you how to resolve common errors that arise when configuring a single sign-on partnership between Microsoft Entra ID and Single Sign‑On for VMware Tanzu Application Service.

Failed Login

Symptom

You cannot log in to your Single Sign‑On plan.

Solution

Possible solutions are as follows:

  • VMware recommends using a different browser or deleting your browser cache and history before you log in to your Single Sign‑On plan. Your Single Sign‑On plan can fail if you are already logged in to Microsoft Entra ID as the Global Administrator account that was used to set up all the configurations.

  • If your login fails more than five times, Azure locks your account for 30 minutes. There is currently no way to unlock an account in Microsoft Entra ID, so wait for the lockout period.

  • VMware recommends testing your Single Sign‑On plan from Microsoft Entra ID to see the contents of the SAML assertion. For more information, see Test Your Configurations in Microsoft Entra ID.

App ID Not Found

Symptom

You see an error similar to the following screenshot:

The error message on the sign in page reads: Sorry, but we're having trouble signing you in. We received a bad request.

Explanation

The App ID URI is misconfigured on Microsoft Entra ID.

Reply URL Does Not Match

Symptom

You see an error similar to the following screenshot:

The error message on the sign in page reads: Sorry, but we're having trouble signing you in. We received a bad request.

Explanation

The Reply URL is misconfigured on Microsoft Entra ID.

Missing Name ID

Symptom

You see an error similar to the following screenshot:

In the Identity provider metadata section of a plan pane, the error message below the Fetch Metadata button reads: Error processing metadata.

Explanation

The identity provider metadata has the RoleDescriptor elements or is missing configurations for Name ID. See Configure Identity Provider Metadata.

check-circle-line exclamation-circle-line close-line
Scroll to top icon