So, before upgrading to 5.1 and the SSO, this used to work:
Since SSO is a big steaming pile of... you'll likely need to revert to AD or one of the other directories. I have a support call today in an attempt to get either SSO working or eDir or AD working with our directory structure so users from any of our domains can login. At the moment the only solution I see working is a vCO per domain which would be a sad sad thing. Orchestrator is such a cool product but not really designed for use in an environment with a complex heirarchy it seems and apparently they didn't bother to test SSO would actually work with many of their products so I can't point the finger completely at the vCO people. They were likely blindsided as it feels like most were.
I have not been able to get the AD plugin nor the Server ldap functions to work when SSO is the authentication type. I can successfully get users from any of my domains to login to vCO though. I got some feedback that this was a known issue but no answer on when a fix was scheduled.
If I get any reasonable resolution from my support case I will share it with you here. Good luck!
Paul
As a workaround you can try to call a Powershell script, that fetches the needed information from AD for the given ldap name.
Or call an external tool like the free adfind.exe, see an example here: http://www.vcoportal.de/2011/08/small-but-useful-command-line-tools-for-vco-workflows/
Cheers,
Joerg
Thanks for your input guys.
In the end I did end up following Paul's advice, and went back to the LDAP implementation, rather than using SSO.
I'll have to wait for VMWare to sort out the issues before I can go back to the SSO.
At least I know I'm not crazy now. Well, not about this anyway.
thanks
Jason
I would suggest opening support requests to VMware GSS. If everyone work around the bug then it may never be fixed.
And even if this was previously opened this would increase the priority for resolution.
Christophe.
Excellent point Chistophe
I have indeed logged a support request. SR 13284459702 if anyone else has the isue and wishes to reference it.
Jason