vCenter Single Sign-On Token Delegation

Holder-of-key tokens can be delegated to services in the vSphere environment. A service that uses a delegated token performs the service on behalf of the principle that provided the token. A token request specifies a

DelegateTo

identity. The

DelegateTo

value can either be a solution token or a reference to a solution token.

Components in the vSphere environment can use delegated tokens. vSphere clients that use the

LoginByToken

method to connect to a vCenter server do not use delegated tokens. The vCenter server will use a vSphere client’s token to obtain a delegated token. The vCenter server will use the delegated token to perform operations on behalf of the user after the user’s vCenter session has ended. For example, a user may schedule operations to occur over an extended period of time. The vCenter server will use a delegated token to support these operations.

Acquiring a SAML Token from a vCenter Single Sign-On Server

Content feedback and comments

VMware vSphere SDKs and Tools 6.5

vCenter Single Sign-On Token Delegation