Data Protection Central: When Configuring SSO for Data Domain, it Fails to Configure.
Summary: This article shows how to resolve issues when setting up Single Sign-On (SSO) from Data Protection Central (DPC) to Data Domain.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
In the DPC UI, you click Reregister SSO for a Data Domain server.
After you click Reregister SSO, you check the Audit tab and see that registration failed. Expand the failure, and you see the following error:
Checking the elg.log file you find the following errors:
2020-06-29 13:49:36,424 WARN OkHttp https://<DD hostname>:3009/... c.e.c.t.TaskServiceImpl Reregistration of SSO client for <DD hostname> failed java.util.concurrent.CompletionException: com.emc.clp.spi.ForbiddenException: Administrator credentials required for the SSO registration at java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:273) at java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:280) at java.util.concurrent.CompletableFuture.uniHandle(CompletableFuture.java:838) at java.util.concurrent.CompletableFuture$UniHandle.tryFire(CompletableFuture.java:811) at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488) at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1990) at com.emc.edp.http.OkHttpHttpClient.fail(OkHttpHttpClient.java:677) at com.emc.edp.http.OkHttpHttpClient.access$400(OkHttpHttpClient.java:34) at com.emc.edp.http.OkHttpHttpClient$3.onResponse(OkHttpHttpClient.java:555) at okhttp3.RealCall$AsyncCall.execute(RealCall.java:174) at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: com.emc.clp.spi.ForbiddenException: Administrator credentials required for the SSO registration at com.emc.clp.plugin.datadomain.DataDomainElementalHandler.lambda$handleClientRegistration$3(DataDomainElementalHandler.java:281) at com.emc.dpc.common.util.CompletableFutureUtils.lambda$convertException$0(CompletableFutureUtils.java:110) at java.util.concurrent.CompletableFuture.uniHandle(CompletableFuture.java:836) ... 11 common frames omitted Caused by: com.emc.edp.http.HttpException: [500] Internal Server Error at com.emc.edp.http.OkHttpHttpClient.createHttpException(OkHttpHttpClient.java:670) at com.emc.clp.plugin.datadomain.http.DataDomainHttpClient.createHttpException(DataDomainHttpClient.java:314) ... 6 common frames omitted Caused by: com.emc.edp.http.OkHttpHttpClient$OriginalRequest: POST https://<DD hostname>:3009/rest/v1.0/trust at com.emc.edp.http.OkHttpHttpClient.startRequest(OkHttpHttpClient.java:502) at com.emc.edp.http.OkHttpHttpClient.startRequest(OkHttpHttpClient.java:474) at com.emc.clp.plugin.datadomain.http.DataDomainHttpClient.post(DataDomainHttpClient.java:155) at com.emc.clp.plugin.datadomain.DataDomainElementalHandler.handleClientRegistration(DataDomainElementalHandler.java:279) at com.emc.clp.security.sso.SsoElementalRegistrationService.sendSsoRegistrationRequestToElemental(SsoElementalRegistrationService.java:333) at com.emc.clp.security.sso.SsoElementalRegistrationService.lambda$getRegisterSubTasks$4(SsoElementalRegistrationService.java:154) at java.util.concurrent.CompletableFuture.uniCompose(CompletableFuture.java:966) at java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:940) at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488) at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1990) at com.emc.edp.http.OkHttpHttpClient.fail(OkHttpHttpClient.java:677) at com.emc.edp.http.OkHttpHttpClient.access$400(OkHttpHttpClient.java:34) ... 6 common frames omitted
Cause
The sysadmin account is the only account that can register SSO in a Data Domain.
In this case, you are getting Administrator credentials required errors. Data Domain was discovered in DPC with a user other than sysadmin and that is causing this to fail.
In this case, you are getting Administrator credentials required errors. Data Domain was discovered in DPC with a user other than sysadmin and that is causing this to fail.
Resolution
In the log, you see the following credential error that is causing registration to fail:
Caused by: com.emc.clp.spi.ForbiddenException: Administrator credentials required for the SSO registration
- To register with SSO, you have to use the sysadmin account as that is the only account that can register SSO. Even other admin accounts do not have that right.
- When Data Domain was discovered in DPC, it may not have been given the sysadmin account. Edit the Data Domain in the DPC system management page and put in the sysadmin account and the password for that account.
- Attempt to register SSO again from DPC UI.
Contact Dell Support for further questions.
Affected Products
Data Protection CentralArticle Properties
Article Number: 000173543
Article Type: Solution
Last Modified: 26 Mar 2025
Version: 7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.