vCenter Single Sign-On
Last Updated December 16, 2024
The VMware vCenter Single Sign-On API simplifies secure communications with the
vCenter Single Sign-On service.
The vCenter Single Sign-On server provides a
Security Token Service (STS). A token uses the Security Assertion Markup Language
(SAML), which is an XML encoding of authentication data.
vCenter Single Sign-On authentication can use
the following identity store technologies:
- Windows Active Directory
- OpenLDAP (Lightweight Directory Access Protocol)
- Local user accounts (vCenter Single Sign-On server resident on the vCenter Server machine)
- vCenter Single Sign-On user accounts
This API defines a set of request operations
that correspond to the WS-Trust 1.4 bindings:
- Issue – Obtains a token from a vCenter Single Sign-On server.
- Renew – Renews an existing token.
- Validate – Validates an existing token.
- Challenge – Part of a negotiation with a vCenter Single Sign-On server to obtain a token.
The vCenter Single Sign-On SDK includes Java
bindings for the vCenter Single Sign-On WSDL. The SDK also contains sample code that
demonstrates client-side support for the WSSecurityPolicy standard. Security policies
specify the elements that provide SOAP message security. To secure SOAP messages, a
client inserts digital signatures, certificates, and SAML tokens into the SOAP headers
for vCenter Single Sign-On requests. The Java sample includes a JAX-WS implementation of
SOAP header methods that support the vCenter Single Sign-On security policies.
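The request and header structure described above, as an added Python example that is not part of the vCenter Single Sign-On SDK or its Java samples: it builds a WS-Trust Issue request with a WS-Security header, then reads the operation and timestamp validity back out of the serialized message. The function names, the UsernameToken credential, the 600-second lifetime and the account values are assumptions made for illustration; the security policy a given vCenter Single Sign-On server enforces may require other header elements.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespace URIs from the public SOAP 1.1, WS-Security and WS-Trust specifications.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML2_TOKEN = "urn:oasis:names:tc:SAML:2.0:assertion"
FMT = "%Y-%m-%dT%H:%M:%S.000Z"


def build_issue_request(username, password, now, lifetime_s=600):
    """Return a WS-Trust Issue request (hypothetical helper) as an Element."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    # The timestamp bounds how long a captured message could be replayed.
    ts = ET.SubElement(sec, f"{{{WSU}}}Timestamp")
    ET.SubElement(ts, f"{{{WSU}}}Created").text = now.strftime(FMT)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = (now + timedelta(seconds=lifetime_s)).strftime(FMT)
    # Assumption: a UsernameToken credential. Signatures, certificates or an
    # existing SAML token go in this same header. Sent as text: require TLS.
    ut = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(ut, f"{{{WSSE}}}Username").text = username
    ET.SubElement(ut, f"{{{WSSE}}}Password").text = password
    rst = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = SAML2_TOKEN
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = f"{WST}/Issue"
    return env


def summarize(xml_text, now):
    """Report the WS-Trust operation and whether the message timestamp is current."""
    # ElementTree is used here only on messages this code built itself;
    # untrusted XML needs a hardened parser.
    env = ET.fromstring(xml_text)
    req = env.findtext(f".//{{{WST}}}RequestType") or ""
    expires = env.findtext(f".//{{{WSU}}}Expires")
    fresh = bool(expires) and now < datetime.strptime(expires, FMT).replace(tzinfo=timezone.utc)
    return {"operation": req.rsplit("/", 1)[-1],
            "has_credential": env.find(f".//{{{WSSE}}}UsernameToken") is not None,
            "fresh": fresh}
```

Pass `now` as a timezone-aware UTC `datetime`; `summarize` treats a message with no `Expires` element as not fresh.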
The vCenter Single Sign-On SDK is bundled in
the vSphere Management SDK.
The Single Sign-On service endpoint
is
For more information about using the vCenter
Single Sign-On API, see the following documentation:
- vCenter Single Sign-On Programming Guide