Authenticating Users Through SessionManager
The SessionManager managed object controls user access to the server. SessionManager includes methods for logging in to the server, obtaining a session, and logging out. The SessionManager defines the lifetime and visibility of many objects. Session-specific objects are not visible outside the session in which they are created.
Important Each user session uses system resources and creates locks on the server side. Too many concurrent sessions can slow down the server. By default, vCenter Server terminates a session after 30 minutes.
Upon successful authentication of a user account, SessionManager returns a UserSession data object to the client application. The session is associated with that user account for the duration of the session. The client application can save the session locally, to a secure file, and reuse the session later to reconnect to the server. You can also configure an ESXi or vCenter Server system to support local sessions, which enable users with credentials on the host to log in based on those privileges.
The SessionManager provides these capabilities:
Log in and log out. Basic operations to log in to ESXi or vCenter Server system, obtain a session, and log out. When a session terminates, all session-specific objects are destroyed.
Impersonation. One user session adopts the authorization level of another user session. Impersonation is common in Web based scenarios in which a middle-tier application functions as a central account that interacts with other back-end servers or processes. Windows services impersonate a client when accessing resources on behalf of the client. SesssionManager supports impersonation through its ImpersonateUser method.
Delegation. A client application that is running on behalf of a local user can call the SessionManager.AcquireLocalTicket method to obtain a one-time user name and password for logging in. Delegation is useful for host-based utilities that run in the local console.
If the user account associated with the session does not have the permissions required to perform an action, the AuthorizationManager returns a NoPermission fault to the client application.
Using VMware Single Sign On for vCenter Server Sessions
vSphere supports single sign on for a single point of authentication for vCenter Server clients. To use VMware Single Sign On, your vSphere Web Services SDK client connects to the VMware SSO Server to obtain an SSO token. Your client includes the token in the SessionManager.LoginByToken request to start a vSphere session. See Establishing a Single Sign On Session with a vCenter Server.
Help us improve this information. Send feedback to docfeedback@vmware.com.