If you already installed vCenter 5.1, and configured an Identity Source, you may have ran into this situation. In some cases, in a hurry, you just go there and provide your user/pass credentials to register an Identity Source, or an super user credentials. What happens if someday this account get blocked, or if you change its password? You need to go to the SSO configuration and also change it. Here are the screen where you need to do so:
The doc http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B23B1360-8838-4FF2-B074-71643C4CB040.html explains about it:
When you use the authentication type Password for an identity source, you must update the identity source details whenever the password changes for the configured user. You update the password on the Edit Identity Source dialog box.
If the user account is locked or disabled, authentications and group and group and user searches in the Active Directory domain will fail. The user account must have read-only access over the User and Group OU, and must be able to read user and group attributes. This is the default Active Directory domain configuration for user permissions. VMware recommends using a special service user to ensure that the password does not expire and lock out or disable the user account.
Thanks to Mauricio Altamura on this information.