vCenter Server Single Sign-On Session Using Java
After you obtain a SAML token from the vCenter Single Sign-On Server, you can use the vSphere Web Services API method LoginByToken to establish a vCenter Single Sign-On session with a vCenter Server. At the beginning of the session, your client is responsible for the following tasks:
- Insert the vCenter Single Sign-On token and a timestamp into the SOAP header of the LoginByToken message.
- Maintain the vCenter session cookie. During the login sequence, the Server produces an HTTP session cookie to support the persistent connection. Your client must save this cookie and re-introduce it at the appropriate times.
- If at a later time your client invokes the LoginByToken method, or other login method, the Server issues a new session cookie in response. You must have a cookie handler in place to save the cookie for subsequent requests.
The example program uses these general steps:
Procedure
- Call the RetrieveServiceContent method to establish an HTTP connection with the vCenter Server and get the Session Manager managed object reference.
- Call the LoginByToken method to authenticate the vCenter session. To send the token to the vCenter Server, the client uses a handler to embed the token and a time stamp in the SOAP header for the message. The client uses an HTTP header handler method to extract the session cookie from the vCenter Server response.
- Restore the session cookie for future requests. To identify the session started with the LoginByToken method, the client uses a handler to embed the session cookie in the HTTP header.