Establishing a Single Sign-On Session with a vCenter Server

vSphere uses single sign-on to provide a single point of authentication for clients. vSphere includes the vCenter Single Sign-On Server. To use vCenter Single Sign-On, your client obtains a SAML token (Security Assertion Markup Language) from the vCenter Single Sign-On Server and passes the token to the vCenter Server in the login request. The token represents the client and contains claims that support client authentication. Components in the vSphere environment perform operations based on the original authentication. For information about obtaining a vCenter Single Sign-On token from the vCenter Single Sign-On Server, see
vCenter Single Sign On Programming Guide
.
To use single sign on, your client calls the
LoginByToken
method. Your client must send a SAML token to the vCenter Server by embedding the token in the SOAP header for the
LoginByToken
request. During the login sequence, your client must save and restore the HTTP session cookie. The vCenter Single Sign-On SDK contains sample code that demonstrates how to use the
LoginByToken
method.
The following sections describe examples of using the
LoginByToken
method to establish a vCenter Single Sign On session with a vCenter Server.