Establishing a Single Sign-On Session with a vCenter Server

vSphere uses single sign-on to provide a single point of authentication for clients. vSphere includes the vCenter Single Sign-On Server. To use vCenter Single Sign-On, your client obtains a Security Assertion Markup Language (SAML) token from the vCenter Single Sign-On Server and passes the token to the vCenter Server in the login request. The token represents the client and contains claims that support client authentication. Components in the vSphere environment perform operations based on the original authentication. For information about obtaining a vCenter Single Sign-On token from the vCenter Single Sign-On Server, see vCenter Single Sign On Programming Guide.

To use single sign-on, your client calls the LoginByToken method. Your client must send a SAML token to the vCenter Server by embedding the token in the SOAP header for the LoginByToken request. During the login sequence, your client must save and restore the HTTP session cookie. The vCenter Single Sign-On SDK contains sample code that demonstrates how to use the LoginByToken method.

The following sections describe examples of using the LoginByToken method to establish a vCenter Single Sign-On session with a vCenter Server.
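
The request shape described above, as an added Python example that is not taken from the vCenter Single Sign-On SDK: it embeds a token in the SOAP header of a LoginByToken request without re-serializing it, and saves and restores the session cookie. The WS-Security wrapper element, the urn:vim25 body layout, the SAML 2.0 assertion root, the cookie name vmware_soap_session and the session id character set are assumptions, not details stated on this page.

```python
import re
import xml.etree.ElementTree as ET
from http.cookies import SimpleCookie

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML2_ASSERTION = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"
COOKIE_NAME = "vmware_soap_session"  # assumed session cookie name


def build_login_by_token(token_xml: str) -> str:
    """Return a LoginByToken SOAP request carrying the token in its header."""
    # An XML declaration is not allowed inside another document; drop it.
    token_xml = re.sub(r"^\s*<\?xml[^>]*\?>\s*", "", token_xml)
    if "<!DOCTYPE" in token_xml:
        raise ValueError("token must not carry a DTD")
    # Parse only to validate. The token is signed, so it is embedded verbatim:
    # re-serializing it could rewrite prefixes and invalidate the signature.
    if ET.fromstring(token_xml).tag != SAML2_ASSERTION:
        raise ValueError("token is not a SAML 2.0 assertion")
    envelope = (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">'
        f'<soapenv:Header><wsse:Security xmlns:wsse="{WSSE_NS}">'
        f"{token_xml}</wsse:Security></soapenv:Header>"
        '<soapenv:Body><LoginByToken xmlns="urn:vim25">'
        '<_this type="SessionManager">SessionManager</_this>'
        "</LoginByToken></soapenv:Body></soapenv:Envelope>"
    )
    ET.fromstring(envelope)  # the finished request must be well-formed
    return envelope


def save_session_cookie(set_cookie_header: str) -> str:
    """Extract the session id from a Set-Cookie response header."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    if COOKIE_NAME not in jar:
        raise ValueError("response did not set a session cookie")
    return jar[COOKIE_NAME].value


def restore_session_cookie(session_id: str) -> dict:
    """Build the Cookie header that ties a later request to the session."""
    # Assumed id character set; rejecting anything else blocks header injection.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", session_id):
        raise ValueError("unexpected characters in session id")
    return {"Cookie": f'{COOKIE_NAME}="{session_id}"'}
```

This covers a token that is only embedded in the header; a token that also requires the request itself to be signed needs additional header content that this example does not build.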