An identity provider is a service that manages user and group identities. vCloud Director organizations that use the same identity provider are said to be federated.
An organization can define an identity provider that it shares with other applications or enterprises. Users authenticate to the identity provider to obtain a token that they can then use to log in to the organization. Such a strategy can enable an enterprise to provide access to multiple, unrelated services, including vCloud Director, with a single set of credentials, an arrangement often referred to as single sign-on.
vCloud Director supports the following kinds of identity providers:
An organization can define an external identity provider that supports OAuth authentication, as defined in RFC 6749 (http://tools.ietf.org/html/rfc6749). All organizations that participate in an OAuth-based federated identity scheme must include an OrgOAuthSettings element whose public key, IssuerId and OAuthKeyConfigurations were retrieved from the same identity provider. | |
An organization can define an external identity provider that supports the Security Assertion Markup Language (SAML) 2.0 standard. All organizations participating in a SAML-based federated identity scheme must include an OrgFederationSettings element that contains SAML metadata retrieved from the same identity provider. | |
The XML representation of a User can include an IdentityProvider element that specifies INTEGRATED, OAUTH, or SAML. If the element is missing or empty, a value of INTEGRATED is assumed.
The XML representation of a Group can include a ProviderType element that specifies INTEGRATED or SAML. If the element is missing or empty, a value of INTEGRATED is assumed.