Appendix B: Security : Single Sign-On : SSO Authentication Workflow
SSO Authentication Workflow
The following figure shows an SSO authentication workflow.
Figure 69. SSO Authentication Workflow
You can use SSO to authenticate with the vCloud API in the following ways:
*Use the POST/sessions vCloud API, which accepts security tokens as the request body:
*HTTP-Basic authenticationLogs in using user name and password to integrated identity provider for backwards-compatibility with vCloud Director v1.5.
*SAML assertionVerifies assertion is trusted.
*Proprietary tokenVerifies token from integrated identity provider is valid.
*Use the vCloud API GET /org/{id}/hostedIdentityProvider/token, which returns the security token for the integrated identity provider.
*HTTP-Basic authentication logs in using the user name and password.
*KerberosVerifies a Kerberos token using the Active Directory settings.
*Use the vCloud API GET /org/{id}/identityProviders which returns a list of identity providers (IdPs) federated with vCloud (currently integrated identity provider and possibly external identity provider) can be called anonymously.
*Use the vCloud API GET /org/{id}/saml/authnRequest, which returns the signed SAML AuthnRequest.