Symptoms
Logging onto vSphere Client using the vCenter Server shortname results in the following error:
[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server- An error occurred when processing meta data during vCenter Single Sign-On setup:the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias.
The issue is not observed when using the Fully Qualified Domain Name (FQDN) of the vCenter Server, or an IP address that reverse-resolves to the FQDN.
Resolution
This is expected behavior. VMware vSphere 7.0 enforces the use of the FQDN, or an IP address that reverse-resolves to the FQDN, to allow Single Sign-On authentication.
Workaround
To work around the issue:
To enable short name access to vCenter, add the desired shortname to the webclient.properties file.
Note: Ensure you have a backup of the vCenter Server Appliance (VCSA) before making any changes.
Log in to the vCenter Server via an SSH/PuTTY session as root, and enable the shell.
Stop the vSphere Client service using the command below:
service-control --stop vsphere-ui
Navigate to the vsphere-ui location to edit webclient.properties
cd /etc/vmware/vsphere-ui/
Before editing, take a backup of webclient.properties using the command below:
cp webclient.properties /var/tmp/webclient.properties.bak
Add the desired shortname under sso.serviceprovider.alias.whitelist:
vi webclient.properties
Type i to enter insert mode.
Remove the comment (#) for sso.serviceprovider.alias.whitelist=
Add the shortname (comma separated if there are multiple values).
Save and exit the vi editor by pressing Esc to exit insert mode, then :wq!
Example:
sso.serviceprovider.alias.whitelist=vcsa70
Start the vSphere client service.
service-control --start vsphere-ui
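
The manual edit above as an added shell example (not VMware code): a hypothetical helper, add_sso_alias, that validates the short name, backs up the file, and uncomments or extends sso.serviceprovider.alias.whitelist without duplicating entries. It assumes plain key=value lines with # comments and restricts aliases to a single host label.

```shell
#!/bin/sh
KEY='sso.serviceprovider.alias.whitelist'

# add_sso_alias FILE SHORTNAME [BACKUP]   (hypothetical helper, not a VMware tool)
# Returns 0 on success, 1 on I/O error, 2 if SHORTNAME is not a single DNS label.
add_sso_alias() {
    file=$1; short=$2; bak=${3:-$file.bak}
    # Every alias widens what SSO trusts, so accept one bare host label only
    # (assumption: letters, digits and inner hyphens; no dots, commas or spaces).
    case $short in
        ''|-*|*-|*[!A-Za-z0-9-]*) echo "invalid short name: $short" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v key="$KEY" -v short="$short" '
    {
        lines[NR] = $0; line = $0
        commented = sub(/^[ \t]*#[ \t]*/, "", line)
        eq = index(line, "=")
        name = substr(line, 1, eq - 1); gsub(/[ \t]/, "", name)
        if (eq && name == key) {
            # The last uncommented entry is the live one; otherwise reuse the
            # commented stub. Values on a commented line are never activated.
            if (!commented) { active = NR; vals = substr(line, eq + 1) }
            else if (!stub) stub = NR
        }
    }
    END {
        target = active ? active : stub
        gsub(/[ \t\r]/, "", vals)
        n = split(vals, have, ","); out = ""
        for (i = 1; i <= n; i++) {
            if (have[i] == "" || seen[have[i]]++) continue
            out = out (out == "" ? "" : ",") have[i]
        }
        if (!seen[short]) out = out (out == "" ? "" : ",") short
        for (i = 1; i <= NR; i++) print ((i == target) ? (key "=" out) : lines[i])
        if (!target) print key "=" out
    }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Back up first, then overwrite in place so owner and mode are preserved.
    cp -p "$file" "$bak" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return $rc
}
# Usage on the appliance, between the stop and start of vsphere-ui:
#   add_sso_alias /etc/vmware/vsphere-ui/webclient.properties vcsa70 /var/tmp/webclient.properties.bak
```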