Hello, I'm trying to find documentation on using an ADFS server as an identity source for VCSA 6.5. Unfortunately, we don't have a VIM, so we would just need to do this with the XML from both the VCSA and the ADFS server themselves. I cannot, however, find any full process document which can help explain how or where I went wrong.
First, I am struggling with importing the XML from the ADFS server into the VCSA (adding the VCSA XML to ADFS was simple). This process only gives me a message "an unknown error occurred". I've tried to remove the two elements referred to here and retry the import, but no change.
fed:ApplicationServiceType
fed:SecurityTokenServiceType
Lots of other things, but still stuck.
My goal is to allow smart card custom authentication to the VCSA without using the Web plugins. I'm at a wall for the moment, so any suggestions are greatly welcome.
Thanks!
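The edit described in the question above (dropping the two WS-Federation `RoleDescriptor` entries from the ADFS federation metadata), as an added Python example that is not from the thread, VMware or Microsoft. The sample metadata and host name are constructed, and the script shows the edit and its effect on the metadata signature only; it is not a fix for the import error.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Local names of the two xsi:type values named in the post.
WSFED_TYPES = {"ApplicationServiceType", "SecurityTokenServiceType"}

# Constructed, heavily trimmed sample; a real export carries keys, endpoints and claims.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    entityID="http://adfs.example.test/adfs/services/trust">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""


def strip_wsfed_roles(metadata_xml):
    """Return (edited_xml, removed_types, signature_present)."""
    ET.register_namespace("", MD)      # keep SAML metadata as the default namespace
    ET.register_namespace("ds", DS)
    root = ET.fromstring(metadata_xml)
    removed = []
    for child in list(root):           # copy: root is mutated while iterating
        if child.tag != f"{{{MD}}}RoleDescriptor":
            continue
        # xsi:type is a QName in attribute text; ElementTree does not resolve
        # its prefix, so compare the local part only.
        local = child.get(f"{{{XSI}}}type", "").rpartition(":")[2]
        if local in WSFED_TYPES:
            root.remove(child)
            removed.append(local)
    # An enveloped signature covers the whole EntityDescriptor, so it no longer
    # verifies once anything is removed: treat the edited file as unsigned and
    # confirm its origin out of band before importing it.
    signature_present = root.find(f"{{{DS}}}Signature") is not None
    return ET.tostring(root, encoding="unicode"), removed, signature_present


if __name__ == "__main__":
    edited, removed, signed = strip_wsfed_roles(SAMPLE)
    print("removed:", removed, "| stale signature left in file:", signed)
```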
Welcome to Communities,
We can configure the vCenter SSO (PSCs) to act as a SAML provider:
"You can add other trusted service providers to an identity federation where vCenter Single Sign-On acting as the SAML Identity Provider (IDP). The service providers must conform to the SAML 2.0 protocol."
However, if you are seeking to integrate the SSO services in the VCSA with ADFS, I am afraid that we will have to use VMware Identity Manager Integration for this:
https://www.vmware.com/pdf/vidm-adfs-integration.pdf
We cannot use ADFS without vIDM either on vCenter or ESXi.
If you are using vIDM, could you please share the VC and other solutions' build and version, including a screenshot of the error?
So, I'm not 100% clear on this. Are you saying the SAML IdP on vCenter is read-only, or can it be configured to accept information from an ADFS claim? For example, if I want to configure a logon to the VCSA web client using authentication from vCenter SAML, how would one do that?
Thanks!