VMware Cloud Community
rlocki
Contributor

Help - Configure ADFS as external identity source for VCSA 6.5

Hello, I'm trying to find documentation on using an ADFS server as an identity source for VCSA 6.5. Unfortunately, we don't have a VIM, so we would just need to do this with the XML from both the VCSA and the ADFS server themselves. I cannot, however, find any full process document which can help explain how or where I went wrong.

First, I am struggling with importing the XML from the ADFS server into the VCSA (adding the VCSA XML to ADFS was simple). This process only gives me the message "an unknown error occurred". I've tried to remove the two elements referred to here and retry the import, but no change.

fed:ApplicationServiceType

fed:SecurityTokenServiceType

Lots of other things, but still stuck.

My goal is to allow smart card custom authentication to the VCSA without using the Web plugins. I'm at a wall for the moment, so any suggestions are greatly welcome.

Thanks!

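As an added example (not code from this thread, and not a VMware or Microsoft tool), the following Python script does in a repeatable way what the original post describes trying by hand: it parses an ADFS FederationMetadata.xml, removes the top-level RoleDescriptor elements typed fed:ApplicationServiceType and fed:SecurityTokenServiceType, and summarizes what a SAML 2.0 consumer actually needs from the file (entityID, signing certificate, SingleSignOnService bindings). The namespace URIs are the standard SAML metadata, WS-Federation, XML Schema instance and XML-DSig namespaces; the metadata document in the script is a constructed miniature, not a real ADFS export; whether VCSA 6.5 accepts the stripped file is not established by this thread. The summary also flags a ds:Signature, because hand-editing a signed metadata document invalidates that signature, and a consumer that verifies it will reject the file for that reason alone.

```python
"""Inspect an ADFS FederationMetadata.xml and strip its WS-Federation
RoleDescriptor elements so that only the SAML 2.0 IdP role remains.

Added example; not part of the forum thread or of any vendor tool.
SAMPLE_METADATA is a constructed miniature of an ADFS export.
"""
import xml.etree.ElementTree as ET

# Standard namespace URIs used by ADFS federation metadata.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

XSI_TYPE = "{%s}type" % NS["xsi"]
# The two WS-Federation role types the original post mentions removing.
WSFED_ROLE_TYPES = {"fed:ApplicationServiceType", "fed:SecurityTokenServiceType"}

# Constructed sample (hostnames, certificate and signature are placeholders).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust">
  <ds:Signature><ds:SignatureValue>constructed-placeholder</ds:SignatureValue></ds:Signature>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:TargetScopes/>
  </RoleDescriptor>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:TokenTypesOffered/>
  </RoleDescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC-placeholder</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def strip_wsfed_roles(xml_text):
    """Return (cleaned XML as str, list of removed xsi:type values).

    Only top-level RoleDescriptor elements carrying a WS-Federation xsi:type
    are removed; the SAML IDPSSODescriptor is left untouched.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    removed = []
    for role in list(root.findall("md:RoleDescriptor", NS)):
        role_type = role.get(XSI_TYPE)
        if role_type in WSFED_ROLE_TYPES:
            root.remove(role)
            removed.append(role_type)
    return ET.tostring(root, encoding="unicode"), removed


def summarize_saml_idp(xml_text):
    """Report the facts a SAML 2.0 service provider needs from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: metadata describes no SAML 2.0 IdP")
    signing_certs = [
        kd for kd in idp.findall("md:KeyDescriptor", NS)
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use") in (None, "signing")
        and kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None
    ]
    bindings = [s.get("Binding") for s in idp.findall("md:SingleSignOnService", NS)]
    wsfed_roles = [
        r for r in root.findall("md:RoleDescriptor", NS)
        if r.get(XSI_TYPE) in WSFED_ROLE_TYPES
    ]
    return {
        "entity_id": root.get("entityID"),
        "signing_certs": len(signing_certs),
        "sso_bindings": bindings,
        "wsfed_roles": len(wsfed_roles),
        # Any edit to a signed document invalidates this signature; a consumer
        # that verifies it will then reject the file regardless of content.
        "signature_present": root.find("ds:Signature", NS) is not None,
    }


if __name__ == "__main__":
    print("before:", summarize_saml_idp(SAMPLE_METADATA))
    cleaned, removed = strip_wsfed_roles(SAMPLE_METADATA)
    print("removed:", removed)
    print("after: ", summarize_saml_idp(cleaned))
```

Run it against a real export by reading the file into `strip_wsfed_roles` instead of `SAMPLE_METADATA`; if the summary reports `signature_present` as True after stripping, the signature no longer matches the content, so either export metadata the consumer will accept unsigned or remove the Signature element deliberately rather than leaving a broken one in place.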
3 Replies
VishShah
VMware Employee

Welcome to Communities,

We can configure the vCenter SSO (PSCs) to act as a SAML provider:

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-45488A1E-E407-41F2-8E13-A340C3...

"You can add other trusted service providers to an identity federation where vCenter Single Sign-On acting as the SAML Identity Provider (IDP). The service providers must conform to the SAML 2.0 protocol."

However, if you are seeking to integrate the SSO services in the VCSA with ADFS, I am afraid that we will have to use VMware Identity Manager Integration for this:

https://www.vmware.com/pdf/vidm-adfs-integration.pdf

We cannot use ADFS without vIDM on either vCenter or ESXi.

If you are using vIDM, could you please share the VC and other solutions' build and version, including the error screenshot.

Regards,
Vishwajit Shah
Skyline Support Moderator
VCA-DCV | VCP5-DCV | VCP6.0; 6.5-DCV & CMA | VCA-DBT | VCAP60-DCV
rlocki
Contributor

So, I'm not 100% clear on this. Are you saying the SAML IdP on vCenter is read-only, or can it be configured to accept information from an ADFS claim? For example, if I want to configure a logon to the VCSA web client using authentication from vCenter SAML, how would one do that?

Thanks!

aadi369
Enthusiast

Please find the attached sheet, which will help you to achieve the ADFS configuration with VCSA.

----------------------------------------------------------------

If it is useful, please mark the answer as correct or helpful.

----------------------------------------------------------------
