UPDATED 20/05/2017: This issue has now been fixed in vCloud Director for Service Providers 188.8.131.52; upgrading to this version resolves it.
Happy Friday; a quick write-up on a bug affecting the vCloud Director SAML Identity Provider component. The bug manifested after an Identity Provider was configured for one ADFS server and then changed to another. After the change, attempting to run the Regenerate Certificate function threw "Cannot remove Entity ID for SAML identification for org", and accessing Metadata for Federation returned "HTTP 500 ERROR java.servlet.ServletException : Error initializing metadata".
The bug is known to occur if Federation was configured previously and then changed to a new identity provider.
Known Affected: vCloud Director for Service Providers (all versions including 8.20)
VMware Support have advised that this is a known issue and Engineering have a fix which will be implemented in the next release. For now, the following will get you back up and running.
The following assumes your vCloud database is running on MSSQL and named vcloud; substitute queries as required to meet your environment.
Step 3. Execute the following query to get the OrgId for the affected Organization
Step 4. Identify the SAML Policy Id by executing the following query against the Identity_Provider table:
SELECT [id], [org_id], [provider_type], [provider_definition_id], [is_enabled]
FROM [Identity_Provider]
WHERE [org_id] = <OrgId>
Step 5. Set the metadata to a blank value for the provider definition id by executing the following:
Verify by executing the query (the post does not name the table; <table> is a placeholder for the table that holds these columns):
SELECT [org_id], [expiration_date], [is_cert_expiry_notified], [entity_id], [role_attribute]
FROM [<table>]
WHERE [org_id] = <OrgId>
Step 7. Set the value to NULL by performing an UPDATE
Step 10. Set up your SAML Identity Provider; QED.
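Steps 4 to 7 above combined into one guarded T-SQL script, as an added example that is not from the original post or from VMware. It assumes the MSSQL database named vcloud and the Identity_Provider table and columns shown above; <OrgId>, <ProviderDefinitionTable>, <MetadataColumn>, <Step6Table> and <Step7Column> are placeholders for values and names the post does not give, to be confirmed against your schema. It defaults to rolling back, so nothing is committed until the verification output has been checked.

```sql
-- Run in SQL Server Management Studio or sqlcmd against the vCloud Director database.
USE vcloud;
SET XACT_ABORT ON;   -- any runtime error aborts the batch and rolls the whole transaction back
BEGIN TRANSACTION;

-- Input: the OrgId from Step 3. '<OrgId>' is a placeholder. NVARCHAR compares correctly
-- whether the column is stored as a uniqueidentifier or as a string.
DECLARE @OrgId NVARCHAR(64) = N'<OrgId>';
DECLARE @ProviderDefinitionId NVARCHAR(64);

-- Step 4: the org must have exactly one Identity_Provider row; otherwise stop before touching anything.
IF (SELECT COUNT(*) FROM [Identity_Provider] WHERE [org_id] = @OrgId) <> 1
BEGIN
    ROLLBACK TRANSACTION;
    THROW 50001, 'Expected exactly one Identity_Provider row for this org; inspect it manually.', 1;
END;

SELECT @ProviderDefinitionId = [provider_definition_id]
FROM [Identity_Provider]
WHERE [org_id] = @OrgId;

-- Step 5: blank the stored metadata for that provider definition. <ProviderDefinitionTable>,
-- <MetadataColumn> and the [id] key column are placeholders (the post does not name them);
-- the WHERE clause keeps the update scoped to this one definition.
UPDATE [<ProviderDefinitionTable>]
SET [<MetadataColumn>] = N''
WHERE [id] = @ProviderDefinitionId;
IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    THROW 50002, 'Step 5 did not update exactly one row; nothing has been changed.', 1;
END;

-- Step 7: set the value from Step 6 to NULL. <Step6Table> is the table behind the Step 6
-- verification query and <Step7Column> the column the post nulls out (both placeholders).
UPDATE [<Step6Table>]
SET [<Step7Column>] = NULL
WHERE [org_id] = @OrgId;
IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    THROW 50003, 'Step 7 did not update exactly one row; nothing has been changed.', 1;
END;

-- Step 6 again: show the result while the change is still uncommitted.
SELECT [org_id], [expiration_date], [is_cert_expiry_notified], [entity_id], [role_attribute]
FROM [<Step6Table>]
WHERE [org_id] = @OrgId;

-- Dry run by default: change this to COMMIT TRANSACTION once the rows above look right.
ROLLBACK TRANSACTION;
```

Take a database backup before the first real run; the row-count guards stop an over-broad update, but they cannot restore a column that was blanked with the wrong value.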