Getting really weird issue with Vshpere web client, where I can’t log into user through the web, but through PowerCLI I can.
Really need help to figuring out why it’s happening.
Here’s a short log of what hapenning
[auditlogger] {"user":"[email protected]","client":"172.16.10.1","timestamp":"10/03/2022 18:26:13 GMT","description":"User [email protected]@172.16.10.1 logged in with response code 200","eventSeverity":"INFO","type":"com.vmware.sso.LoginSuccess"}
2022-10-03T18:26:13.634Z ERROR websso[54:tomcat-http--24] [CorId=a1c35081-9448-4dc7-90ae-d05ab94cc9d7] [com.vmware.identity.SsoController] Could not handle SAML Authentication request
com.vmware.identity.saml.UnsupportedTokenLifetimeException: The requested token start time differs from the issue instant more than the acceptable deviation (clock tolerance) of 60000 ms. Requested token start time=Mon Oct 03 18:24:58 GMT 2022, issue instant time=Mon Oct 03 18:26:13 GMT 2022. This might be due to a clock skew problem.
at com.vmware.identity.saml.impl.TokenLifetimeRemediator.validateStartTimeWithTolerance(TokenLifetimeRemediator.java:243) ~[samlauthority-7.0.0.jar:?]
at com.vmware.identity.saml.impl.TokenLifetimeRemediator.getTokenStartTime(TokenLifetimeRemediator.java:221) ~[samlauthority-7.0.0.jar:?]
at com.vmware.identity.saml.impl.TokenLifetimeRemediator.remediateTokenValidity(TokenLifetimeRemediator.java:67) ~[samlauthority-7.0.0.jar:?]
at com.vmware.identity.saml.impl.TokenAuthorityImpl.issueToken(TokenAuthorityImpl.java:180) ~[samlauthority-7.0.0.jar:?]
at com.vmware.identity.samlservice.AuthnRequestState.createToken(AuthnRequestState.java:552) ~[websso-7.0.0.jar:?]
at com.vmware.identity.samlservice.AuthnRequestState.authenticate(AuthnRequestState.java:516) ~[websso-7.0.0.jar:?]
at com.vmware.identity.BaseSsoController.processSsoRequest(BaseSsoController.java:89) ~[websso-7.0.0.jar:?]
at com.vmware.identity.SsoController.sso(SsoController.java:101) [websso-7.0.0.jar:?]
at sun.reflect.GeneratedMethodAccessor328.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_261]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_261]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) [spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) [spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:878) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:792) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) [servlet-api.jar:?]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) [spring-webmvc-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) [servlet-api.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [catalina.jar:8.5.51]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.51]
at com.vmware.identity.SecurityRequestWrapperFilter.doFilterInternal(SecurityRequestWrapperFilter.java:49) [websso-7.0.0.jar:?]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.9.RELEASE.jar:5.2.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.51]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.51]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.5.51]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.51]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.51]
at com.vmware.identity.diagnostics.STSLogDiagnosticsFilter.doFilter(STSLogDiagnosticsFilter.java:85) [vmware-identity-diagnostics-7.0.0.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.51]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.51]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200) [catalina.jar:8.5.51]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.51]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543) [catalina.jar:8.5.51]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [catalina.jar:8.5.51]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [catalina.jar:8.5.51]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688) [catalina.jar:8.5.51]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.51]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:8.5.51]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609) [tomcat-coyote.jar:8.5.51]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:8.5.51]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818) [tomcat-coyote.jar:8.5.51]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) [tomcat-coyote.jar:8.5.51]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.51]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_261]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_261]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.51]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_261]
2022-10-03T18:26:13.656Z WARN websso[54:tomcat-http--24] [CorId=a1c35081-9448-4dc7-90ae-d05ab94cc9d7] [com.vmware.identity.samlservice.SamlValidator.ValidationResult] Encountered status code that is not localized. No message found under code 'BadRequest.The requested token start time differs from the issue instant more than the acceptable deviation (clock tolerance) of 60000 ms. Requested token start time=Mon Oct 03 18:24:58 GMT 2022, issue instant time=Mon Oct 03 18:26:13 GMT 2022. This might be due to a clock skew problem.' for locale 'en_US'.
2022-10-03T18:26:13.656Z INFO websso[54:tomcat-http--24] [CorId=a1c35081-9448-4dc7-90ae-d05ab94cc9d7] [com.vmware.identity.SsoController] Responded with ERROR 400, message BadRequest, The requested token start time differs from the issue instant more than the acceptable deviation (clock tolerance) of 60000 ms. Requested token start time=Mon Oct 03 18:24:58 GMT 2022, issue instant time=Mon Oct 03 18:26:13 GMT 2022. This might be due to a clock skew problem.