8th gen NUC needs a customised install with either the net-community VIB or the usbnic fling slipstreamed in.
Officially, vCenter 7 adds support for OIDC for ADFS only; however, with some tweaks, it can be made to work using Keycloak instead.
JAVA_OPTS_APPEND = "-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled"
https://vcenter.fqdn/ui/login and enable Backchannel logout session required
openid-connect and Access Type to
domain, with the value matching the VMware SSO domain that will be used (e.g. the bit after the @ sign of the username, in my case
This sets the sub claim in the JWT to be the plain username, as opposed to the internal Keycloak user UUID, which is the default. Without this, vCenter can't match to a user from LDAP.
OpenID Endpoint Configuration and copy the URL
Under vCenter → Administration → Single Sign On → Configuration
Change identity provider and select
vmware, or the value picked for client ID in Keycloak
If there are certificate errors, try also adding the Let's Encrypt root cert under vCenter → Administration → Certificates → Certificate Management. If this view does not render in Chrome, try Firefox, or logging in with
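
To confirm the Keycloak mappers described above took effect before switching the identity provider in vCenter, the following added example (not part of the original post) decodes a token's payload and reports whether sub is still the default user UUID and whether the domain claim matches the SSO domain. The claim name domain is assumed from the mapper step above; example.local and both sample tokens are constructed.

```python
import base64
import json
import re

# Keycloak's default sub is the internal user UUID.
UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_payload(token: str) -> dict:
    """Decode the payload segment only. No signature check: inspection, not authentication."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))

def claim_problems(token: str, sso_domain: str) -> list:
    """Return the reasons this token would not map to a user in sso_domain."""
    claims = jwt_payload(token)
    problems = []
    sub = str(claims.get("sub", ""))
    if not sub:
        problems.append("sub claim missing")
    elif UUID_RE.match(sub):
        problems.append("sub is a Keycloak user UUID, not a username")
    domain = claims.get("domain")  # assumed claim name, from the mapper step
    if domain is None:
        problems.append("domain claim missing")
    elif domain != sso_domain:
        problems.append(f"domain claim {domain!r} does not match {sso_domain!r}")
    return problems

def make_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for the demo."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"

# Constructed samples: before and after the mappers are configured.
DEFAULT = make_token({"sub": "3f2b8c1e-7a4d-4e9b-9c55-0d1e2f3a4b5c"})
MAPPED = make_token({"sub": "alice", "domain": "example.local"})

if __name__ == "__main__":
    for name, tok in (("default", DEFAULT), ("mapped", MAPPED)):
        print(name, claim_problems(tok, "example.local") or "ok")
```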