Hi all, 

We are in the process of upgrading our/planning the rollout of 6.5 - currently on 5.5.

With the loophole of having the webconsole on the jetty powered service being closed - where by you could generate the console session tickets etc and chuck an (unauthenticated) user at that endpoint granting them access to the console. As this is now behind the authenticated /vsphere-client/ or /ui/ apps on the appliance this no longer works. Up until now we had been doing that and using IIS ARR to reverse proxy the requests into our infrastructure. 

I have an almost working solution but need some help with generated (for the lack of a better term) and application session token aka. what ends up as the JSESSIONID in your client cookie.

I have tried generating sessions via the restful api and using that ID as the value but it doesnt seem to accept them which in a way makes sense, different systems (ish). 

I am guessing i need to look into the SSO SDK but struggling with where to start - i even tried automating / mimicking the login to the various pages - following redirects and eventually posting the credentials to the SSO page so i could capture the JSESSIONID but still a work in progress/there has to be a better way.

FYI my new console proxy solution involves the standard looking URL for the new 6.5 /webconsole.html pages excepts switches out the domain for a proxy site running nginx, we also add an additional sessionid query string value and i have nginix add / append this to the reverse proxy request as well as have a set-cookie header back to the client.

Can someone point me in the right direction here/have any experience doing the same thing?