Use the POST/sessions vCloud API, which accepts security tokens as the request body:

HTTP-Basic authentication – Logs in using user name and password to integrated identity provider for backwards-compatibility with vCloud Director v1.5.

SAML assertion – Verifies assertion is trusted.

Proprietary token – Verifies token from integrated identity provider is valid.

Use the vCloud API GET /org/{id}/hostedIdentityProvider/token, which returns the security token for the integrated identity provider.

HTTP-Basic authentication logs in using the user name and password.

Kerberos – Verifies a Kerberos token using the Active Directory settings.

Use the vCloud API GET /org/{id}/identityProviders which returns a list of identity providers (IdPs) federated with vCloud (currently integrated identity provider and possibly external identity provider) can be called anonymously.

Use the vCloud API GET /org/{id}/saml/authnRequest, which returns the signed SAML AuthnRequest.