This has always bugged me and I still don't understand why the client integration plugin is required for single sign-on to work. I am hoping to get some answers/insight as to why SSO is implemented in this manner for vCenter (some limitation?). There are standards out there (such as spnego with Kerberos) for authentication that don't require installing a plugin to make single sign-on work on web sites (supported by every major browser). Are there any reasons as to why vCenter requires a browser plugin for SSO when the same can be accomplished in an industry standard way? Note, I have gotten a lot of flak from the infosec group for the way this is implemented as requiring a plugin for this functionality seems to degrade the security of our systems (many of these browser plugins are susceptible to exploitation). Thanks!