SSO and Authenticating with the vCloud API
The following are ways you can use SSO to authenticate with the vCloud API.
You can use the POST/sessions vCloud API, as this accepts security tokens as the request body:
HTTP-Basic authentication
– Logs in using user name and password to integrated identity provider for backwards-compatibility with vCloud Director v1.5.
SAML assertion
– Verifies assertion is trusted.
Proprietary token
– Verifies token from integrated identity provider is valid.
You can use the vCloud API GET /org/{id}/hostedIdentityProvider/token, which returns the security token for the integrated identity provider.
HTTP-Basic authentication logs in using the user name and password.
Kerberos
– Verifies a Kerberos token using the Active Directory settings.
You can use the vCloud API GET /org/{id}/identityProviders which returns a list of IdPs federated with vCloud (currently integrated identity provider and possibly external identity provider) can be called anonymously.
You can use the vCloud API GET /org/{id}/saml/authnRequest, which returns the signed SAML AuthnRequest.