vCenter Server Single Sign-On Session

After you obtain a SAML token from the vCenter Single Sign-On server, you can use the vSphere Web Services API method LoginByToken to establish a single sign-on session with a vCenter Server. See vCenter Single Sign-On Client Example (JAX-WS) for an example of obtaining a vCenter Single Sign-On token.
At the beginning of a vCenter Single Sign-On session, your client is responsible for the following tasks:
  • Insert the vCenter Single Sign-On token and a timestamp into the SOAP header of the LoginByToken message.
  • Maintain the vCenter Server session cookie. During the login sequence, the server produces an HTTP session cookie to support the persistent connection. Your client must save this cookie and re-introduce it at the appropriate times.
  • If at a later time your client invokes the LoginByToken method, or another login method, the server issues a new session cookie in response. You must have a cookie handler in place to save the cookie for subsequent requests.
The example program uses these general steps:
  1. Call the RetrieveServiceContent method. The method establishes the connection with the vCenter Server and provides access to the SessionManager managed object.
  2. Call the LoginByToken method to authenticate the vCenter session. To send the token to the vCenter Server, the client uses a handler to embed the token and a timestamp in the SOAP header for the message. The client uses an HTTP header handler method to extract the cookie from the vCenter Server response.
  3. Restore the session cookie for future requests. To identify the session started with the LoginByToken method, the client uses a handler to embed the session cookie in the HTTP header.
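
The cookie handling in steps 2 and 3 can be combined in a single JAX-WS handler, shown here as an added example that is not the code of the example program this page describes. The class name SessionCookieHandler is hypothetical, the javax.xml.ws (JAX-WS 2.x) namespace is assumed, and the handler assumes the session cookie is the first Set-Cookie value in the response.

```java
import java.util.*;
import javax.xml.namespace.QName;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

// Hypothetical class name; javax.xml.ws (JAX-WS 2.x) namespace is assumed.
public class SessionCookieHandler implements SOAPHandler<SOAPMessageContext> {
    // Most recent session cookie ("name=value"); replaced on every new login response.
    private volatile String sessionCookie;

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        boolean outbound = Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY));
        if (outbound) { restoreCookie(ctx); } else { captureCookie(ctx); }
        return true; // continue the handler chain
    }

    @SuppressWarnings("unchecked")
    private void captureCookie(SOAPMessageContext ctx) {
        Map<String, List<String>> headers =
            (Map<String, List<String>>) ctx.get(MessageContext.HTTP_RESPONSE_HEADERS);
        if (headers == null) return;
        for (Map.Entry<String, List<String>> e : headers.entrySet()) {
            // HTTP header names are case-insensitive; the status line has a null key.
            if (e.getKey() == null || !e.getKey().equalsIgnoreCase("Set-Cookie")) continue;
            if (e.getValue() == null || e.getValue().isEmpty()) continue;
            String raw = e.getValue().get(0);
            int semi = raw.indexOf(';');
            // Drop attributes (Path, Secure, HttpOnly); only name=value is sent back.
            sessionCookie = (semi >= 0 ? raw.substring(0, semi) : raw).trim();
        }
    }

    @SuppressWarnings("unchecked")
    private void restoreCookie(SOAPMessageContext ctx) {
        if (sessionCookie == null) return; // nothing to send before the first login
        Map<String, List<String>> current =
            (Map<String, List<String>>) ctx.get(MessageContext.HTTP_REQUEST_HEADERS);
        Map<String, List<String>> headers =
            current == null ? new HashMap<>() : new HashMap<>(current);
        headers.put("Cookie", Collections.singletonList(sessionCookie));
        ctx.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
    }

    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
    @Override public Set<QName> getHeaders() { return Collections.emptySet(); }
}
```

Add one instance to the handler chain of the port's binding before calling RetrieveServiceContent; because the stored value is overwritten whenever a response carries Set-Cookie, a later LoginByToken call replaces the old session cookie rather than leaving a stale one in use.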