We recently received a tweet request from a customer directed at our @vmwarekb account asking:
@VMwareKB Also when can I expect a best practice guide from VMware on SSO?
The answer is, while we don’t have one single document with our best practices for Single Sign On (SSO), we do have 65 and counting KB articles on the subject. That amount of content would not fit nicely if it were crammed into one article! Thinking that more of you may be asking the same question, I present for you a listing of all of our current SSO articles. In the meantime, we’ll keep working hard on providing the content you want.
- Single Sign On installation details matrix
- Single Sign On installation for non-English upgrade of vCenter Server
- Troubleshooting issues with Single Sign On in a VMware View environment
- Troubleshooting Single Sign On (SSO) issues in vCenter Server 5.1
- Troubleshooting Single Sign On and Active Directory domain authentication with the vCenter Server Appliance
- Troubleshooting Single Sign On based vSphere Web Client 5.0.x login errors
- Troubleshooting Single Sign On on a Windows Installation
- Troubleshooting Single Sign On with the vCenter Server Appliance configuration on an external database
- Troubleshooting SSL certificate updates and Single Sign On
- Troubleshooting the configuration of vCenter Single Sign On within the vCenter Server 5.1 Appliance
- Troubleshooting the vCenter Server Appliance with Single Sign On login
- Troubleshooting vCenter Server Appliance configuration with an external vCenter Single Sign On server
- Troubleshooting vCenter Single Sign On installations which fail with: Error 29114. Cannot connect to DB
- Troubleshooting vCenter Single Sign On when it does not start
- Installing Single Sign On fails with the error 20010: Failed to Configure LookupService
- Installing Single Sign On fails with the error: Error 29115 Cannot authenticate to DB
- Installing vCenter Single Sign On fails with error: Unable to create database schema: Invalid filegroup ‘RSA_INDEX’ specified
- Installing vCenter Single Sign On fails with the error: Error 20010: Failed to configure LookupService
- Installing vCenter Single Sign On fails with the error: Unable to create database users: Password validation failed
- Installing vCenter Single Sign On in a multisite deployment
- Installing vCenter Single Sign On in an IPv6 environment fails with the error: Error 29114.Cannot connect to database
- Installing vCenter Single Sign On on the Oracle database fails with the error: Failed to access configuration database
- Adding a vCenter Single Sign On Active Directory Identity Source fails with the LDAP error: The server requires binds to turn on integrity checking
- Adding vCenter Single Sign On Identity Source fails with the error: Unable to detect baseDN
- After making a change or restarting Single Sign On server system, vCenter Server 5.1.x fails to start
- After updating SSL certificate for vCenter Single Sign On, a newly installed instance of vCenter Server fails to start
- Backup and restore the vCenter Single Sign On (SSO) configuration
- Cannot install high-availability backup node after you change the SSL certificate for vCenter Single Sign On
- Comparing the behavior of vCenter Single Sign On with earlier versions of vCenter Server
- Configuring a vCenter Single Sign On Identity Source using LDAP with SSL (LDAPS)
- Configuring an Active Directory Federation Services Relying Party for use with Socialcast Single Sign On
- Configuring and troubleshooting vCenter Single Sign On password and lockout policies for accounts
- Configuring vCenter Single Sign On database connectivity with the vCenter Server Appliance
- Configuring vCenter Single Sign On for High Availability
- Enabling or disabling Single Sign On flow in Socialcast On Premise
- Enabling Single Sign On with Anonymous Access to the Customer Portal
- Exporting and importing for manual Single Sign On (SSO) replication in VMware vCenter Server 5.1.x
- Identifying the vCenter Single Sign On server deployment mode
- Location of Single Sign On log files for vCenter Server 5.1
- Logging into vCenter Orchestrator with vCenter Single Sign On fails if the System Domain is not in the list of Default Domains
- Logon in VSM 9.x is not evaluating new login info entered when Single Sign On (SSO) is enabled
- Navigating to the Log Browser after updating vSphere 5.1 Single Sign On Certificates fails with an Unauthorized Access error
- Registering vCenter Orchestrator with a vCenter Single Sign On server which contains a large number of groups might cause issues
- Resetting an expired password in VMware Single Sign On (SSO)
- Setting up Apache load balancing software with vCenter Single Sign On
- Signing in via Single Sign On in Socialcast fails with the error: Unable to decrypt the assertion
- Single sign on (SSO) does not work correctly when the HP RGS display protocol is used to connect
- Single Sign On (SSO) does not work with Windows virtual machines over PCoIP when interactive logon messages are enabled in a group policy
- Single Sign On (SSO) Occasionally Fails When Using Passwords with Fewer than Six Characters
- Single Sign On does not work over PCoIP when connecting to a Windows Vista Desktop
- Single sign on does not work when connecting from View Portal on Mac OS to a Terminal Server desktop back end
- Unable to delete a user or group from a vCenter Single Sign On (SSO) group
- Unlocking and resetting the vCenter Single Sign On (SSO) administrator password
- Update vCenter Single Sign On settings after you change the host name or port of the database server
- Updating SSL certificates for vCenter Single Sign On servers behind a load balancer
- Using existing SSL certificates in PingFederate for Socialcast On Premise Single Sign On
- vCenter Single Sign On (SSO) does not autodiscover trusted domains if domains are manually added
- vCenter Single Sign On and dependent services fail to start after you reboot the system
- vCenter Single Sign On fails at start up or during initialization
- vCenter Single Sign On fails to connect to a Microsoft SQL instance
- vCenter Single Sign On FAQ
- vCenter Single Sign On installer reports the error: Error 29155.Identity source discovery error
- Verifying the Single Sign On flow before activation in Socialcast On Premise
- VMware VirtualCenter Single Sign On and Lookup services fail to start after upgrading to vCenter Server 5.1
- vSphere 5.1 Single Sign On (SSO) installation fails with error: Error 29133. Administrator login error.
Why did you all make SSO so buggy and complicated in the first place??
Some quality control, maybe??
To echo Tom’s comments, why is such a bug ridden, half baked, and problematic piece of software released and required for 5.1? Huge fail on VMware’s part. Never deploying 5.1 in production because of these issues. No quality assurance.
Unfortunately the 65 KB articles in 3 months says it all. Poor documentation and implementation.
Still, I don’t see the best practices… Making simple things complicated and not considering future db server change? VMware is getting worse
i could not agree more! the reason why you have 65 articles is because SSO is a train wreck! This is so unlike VMware to release something so complex, poorly written and worst of all, a requirement. What about customers who have small environments and simple needs? We just want simple authentication via AD the way we have been doing it for years. Why would you force these less complex customers to use something that will leave a horrible taste in their mouth? Why are we executing sql scripts before installing SSO? A good installer will create the sql db for you. In my eyes VMware was untouchable in their innovation, architecture, simplicity. But with SSO it has destroyed my image of them.