VMware Cloud Community
manfriday
Enthusiast
Enthusiast
‎02-13-2013 07:38 AM

SSO and getting current user email

So, before upgrading to 5.1 and the SSO, this used to work:

var ldapUser = Server.getCurrentLdapUser();
var adminEmail = ldapUser.emailAddress;
System.log("Admin email: " + adminEmail);
It no longer works. I can see that the ldapUser variable is being filled out. However, it looks like it cannot retrieve the email address.
I suspect this has to do with the SSO authentication (I am using SSO rather than LDAP now)
I looked to see if there was a SSO-related function in the API, but if there is I missed it.
anyone have any ideas how to get the current users email address with 5.1?
Thanks
Jason
Reply
0 Kudos
5 Replies
qc4vmware
Virtuoso
Virtuoso
‎02-13-2013 09:52 AM

Since SSO is a big steaming pile of... you'll likely need to revert to AD or one of the other directories.  I have a support call today in an attempt to get either SSO working or eDir or AD working with our directory structure so users from any of our domains can login.  At the moment the only solution I see working is a vCO per domain which would be a sad sad thing.  Orchestrator is such a cool product but not really designed for use in an environment with a complex heirarchy it seems and apparently they didn't bother to test SSO would actually work with many of their products so I can't point the finger completely at the vCO people.  They were likely blindsided as it feels like most were.

I have not been able to get the AD plugin nor the Server ldap functions to work when SSO is the authentication type.  I can successfully get users from any of my domains to login to vCO though.  I got some feedback that this was a known issue but no answer on when a fix was scheduled.

If I get any reasonable resolution from my support case I will share it with you here.  Good luck!

Paul

Reply
tschoergez
Leadership
Leadership
‎02-14-2013 08:52 PM

As a workaround you can try to call a Powershell script, that fetches the needed information from AD for the given ldap name.

Or call an external tool like the free adfind.exe, see an example here: http://www.vcoportal.de/2011/08/small-but-useful-command-line-tools-for-vco-workflows/

Cheers,

Joerg

Reply
manfriday
Enthusiast
Enthusiast
‎02-15-2013 06:36 AM

Thanks for your input guys.

In the end I did end up following Paul's advice, and went back to the LDAP implementation, rather than using SSO.

I'll have to wait for VMWare to sort out the issues before I can go back to the SSO.

At least I know I'm not crazy now. Well, not about this anyway.

thanks

Jason

Reply
0 Kudos
cdecanini_
VMware Employee
VMware Employee
‎02-15-2013 07:16 AM

I would suggest opening support requests to VMware GSS. If everyone work around the bug then it may never be fixed.

And even if this was previously opened this would increase the priority for resolution.

Christophe.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter
Reply
0 Kudos
manfriday
Enthusiast
Enthusiast
‎02-15-2013 07:41 AM

Excellent point Chistophe

I have indeed logged a support request. SR 13284459702 if anyone else has the isue and wishes to reference it.

Jason

Reply
0 Kudos