Thursday, November 11, 2021

vCloud Director: How to bypass SAML authentication for a tenant Org in the H5 UI

The customer turned on SAML authentication for their Org, and after that could not log in using SAML. They also did not know how to fall back to local authentication, because every login attempt now asked for SAML.
The only URL they had been given was https://(VCD FQDN)/tenant/(org)/vdcs

So essentially they were locked out and did not know how to get back in, nor why SAML was not working, so they called for support. First, I gave them the URL for logging in with local authentication and verified they could get in while I looked into the SAML issue:

 https://(VCD FQDN)/tenant/(org)/login 

Looking through /opt/vmware/vcloud-director/logs/vcloud-container-debug.log, I saw errors pointing to a time sync problem:
 
org.opensaml.common.SAMLException: Response issue time is either too old or with date in the future, skew 60, time 

Since this was the customer's own SAML setup, I did not have access to the Azure AD servers they were authenticating against, so I asked them to check the time on the AD server.

While waiting, I restarted the NTP service and forced an NTP time sync, even though the local time in VCD looked fine. After that, SAML started working.
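As an added illustration (not code from the original post, from VMware, or from OpenSAML), here is the issue-time check behind the error above, reconstructed from the log message: a SAML Response is accepted only if its IssueInstant lies within the configured skew (60 seconds in the log line) of the local clock, so a drifted VCD clock rejects otherwise valid responses. The SAML XML, the log excerpt, the timestamps and the helper names are all constructed for the example.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
DEFAULT_SKEW = 60  # seconds; matches "skew 60" in the vcloud-container-debug.log error

# Constructed minimal SAML Response (not a real capture); only IssueInstant matters here.
SAMPLE_RESPONSE = (
    f'<samlp:Response xmlns:samlp="{SAMLP_NS}" ID="_example" Version="2.0" '
    'IssueInstant="2021-11-11T10:00:00Z"/>'
)
# Constructed clock readings on the VCD side: in sync with the IdP, and three minutes ahead.
IN_SYNC_NOW = datetime(2021, 11, 11, 10, 0, 30, tzinfo=timezone.utc)
DRIFTED_NOW = IN_SYNC_NOW + timedelta(minutes=3)

def issue_instant(response_xml):
    """Return the Response's IssueInstant as an aware UTC datetime."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError("not a samlp:Response")
    # SAML dateTime values are UTC with a trailing Z; fromisoformat wants an explicit offset.
    return datetime.fromisoformat(root.attrib["IssueInstant"].replace("Z", "+00:00"))

def issue_time_ok(response_xml, now, skew=DEFAULT_SKEW):
    """Accept only if IssueInstant is within +/- skew seconds of the local clock `now`.
    A local clock that runs ahead sees the response as "too old"; one that runs
    behind sees it as "in the future". Either way a valid login is rejected."""
    return abs(now - issue_instant(response_xml)) <= timedelta(seconds=skew)

SKEW_ERROR = re.compile(
    r"Response issue time is either too old or with date in the future, skew (\d+)"
)
# Constructed log excerpt in the style of vcloud-container-debug.log (not a real capture).
SAMPLE_LOG = """\
2021-11-11 10:03:21,117 | DEBUG | pool-1 | SamlAuth | Processing SAML response
2021-11-11 10:03:21,120 | ERROR | pool-1 | SamlAuth | org.opensaml.common.SAMLException: \
Response issue time is either too old or with date in the future, skew 60, time 2021-11-11T10:00:00.000Z
"""

def skew_errors(log_text):
    """Return the configured skew from every OpenSAML issue-time error in a log excerpt."""
    return [int(m.group(1)) for m in SKEW_ERROR.finditer(log_text)]

if __name__ == "__main__":
    print("clock in sync:", issue_time_ok(SAMPLE_RESPONSE, IN_SYNC_NOW))  # True
    print("clock drifted:", issue_time_ok(SAMPLE_RESPONSE, DRIFTED_NOW))  # False
    print("skew values seen in log:", skew_errors(SAMPLE_LOG))            # [60]
```

Seeing this error with a sane-looking local clock is still worth an NTP check, since a few minutes of drift on the cell is enough to put every response outside the window.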