How to log in to SSO with SAML Token string

I'm trying to connect to the vCloud Suite API via a vSphere Web Client Plug-in and assign a tag to a datastore.
But I want to avoid having users enter a user name and password in the vSphere Web Client Plug-in GUI because it is not user-friendly.
Therefore, I want to connect to the vCloud Suite API without having users enter a user name and password.

I thought I could log in to SSO using the SAML Token XML (UserSession.samlTokenXml) that can be obtained from the Web Client SDK, but it failed.

The following is the code I created using the vCloud Suite API sample code.

Code:
com\vmware\vcloud\suite\samples\common\ServiceManager.java

public void connect()
            throws com.vmware.vcloud.suite.lookup.RuntimeFaultFaultMsg,
            RuntimeFaultFaultMsg, InvalidLocaleFaultMsg, InvalidLoginFaultMsg, InvalidTokenException {
           
    ...
   
    // login to vAPI service end point
    vapi = new VapiServiceEndpoint(vapiUrl);
    String samltokenXml = "<saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" ... </saml2:Assertion>";
    vapi.login(DefaultTokenFactory.createToken(samltokenXml));

    ...
}

com\vmware\vcloud\suite\samples\vapi\endpoint\ServiceEndpoint.java

    public void login(SamlToken samlToken) {
        StubConfiguration tmp = new StubConfiguration();
        // Create a PrivateKey
        SecurityUtil su = SecurityUtil.generateKeyCertPair();
        tmp.setSecurityContext(SecurityContextFactory.createSamlSecurityContext(samlToken, su.getPrivateKey()));
        T session = stubFactory.createStub(clazz, tmp);
        char[] sessionId = login(session);
        stubConfiguration.setSecurityContext(SecurityContextFactory.createSessionSecurityContext(sessionId));
    }

Error:
com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
    id = vapi.method.authentication.required,
    defaultMessage = This method requires authentication.,
    args = []
}],
    data = <null>
}
    at com.vmware.vapi.std.errors.Unauthenticated._newInstance(Unauthenticated.java:164)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at com.vmware.vapi.internal.bindings.convert.impl.JavaClassStructConverter.createStructBinding(JavaClassStructConverter.java:167)
    at com.vmware.vapi.internal.bindings.convert.impl.JavaClassStructConverter.fromValue(JavaClassStructConverter.java:66)
    at com.vmware.vapi.internal.bindings.convert.impl.JavaClassStructConverter.fromValue(JavaClassStructConverter.java:36)
    at com.vmware.vapi.internal.bindings.TypeConverterImpl$ValueToJavaVisitor.visit(TypeConverterImpl.java:318)
    at com.vmware.vapi.bindings.type.ErrorType.accept(ErrorType.java:31)
    at com.vmware.vapi.internal.bindings.TypeConverterImpl.convertToJava(TypeConverterImpl.java:632)
    at com.vmware.vapi.internal.bindings.Stub.convert(Stub.java:389)
    at com.vmware.vapi.internal.bindings.Stub.convertError(Stub.java:406)
    at com.vmware.vapi.internal.bindings.Stub.access$300(Stub.java:58)
    at com.vmware.vapi.internal.bindings.Stub$2.setResult(Stub.java:220)
    at com.vmware.vapi.internal.bindings.Stub$2.setResult(Stub.java:211)
    at com.vmware.vapi.internal.protocol.client.msg.json.JsonApiProvider$ResponseCallbackImpl.received(JsonApiProvider.java:221)
    at com.vmware.vapi.internal.protocol.client.msg.json.JsonApiProvider$1.received(JsonApiProvider.java:249)
    at com.vmware.vapi.internal.protocol.client.rpc.http.HttpClient.handleContent(HttpClient.java:269)
    at com.vmware.vapi.internal.protocol.client.rpc.http.HttpClient.send(HttpClient.java:236)
    at com.vmware.vapi.internal.protocol.client.msg.json.JsonApiProvider.sendRequest(JsonApiProvider.java:126)
    at com.vmware.vapi.internal.protocol.client.msg.json.JsonApiProvider.invoke(JsonApiProvider.java:307)
    at com.vmware.vapi.internal.bindings.Stub.invoke(Stub.java:206)
    at com.vmware.vapi.internal.bindings.Stub.invoke(Stub.java:187)
    at com.vmware.vapi.internal.bindings.Stub.invokeMethodAsync(Stub.java:151)
    at com.vmware.vapi.internal.bindings.Stub.invokeMethod(Stub.java:119)
    at com.vmware.cis.SessionStub.create(SessionStub.java:37)
    at com.vmware.cis.SessionStub.create(SessionStub.java:30)
    at com.vmware.vcloud.suite.samples.vapi.endpoint.VapiServiceEndpoint.login(VapiServiceEndpoint.java:13)
    at com.vmware.vcloud.suite.samples.vapi.endpoint.VapiServiceEndpoint.login(VapiServiceEndpoint.java:1)
    at com.vmware.vcloud.suite.samples.vapi.endpoint.ServiceEndpoint.login(ServiceEndpoint.java:42)
    at com.vmware.vcloud.suite.samples.common.ServiceManager.connect(ServiceManager.java:138)
    at com.vmware.vcloud.suite.samples.common.ServiceManagerFactory.getServiceManager(ServiceManagerFactory.java:38)
    at com.vmware.vcloud.suite.samples.common.SamplesAbstractBase.getServiceManager(SamplesAbstractBase.java:151)
    at com.vmware.vcloud.suite.samples.cis.tagging.TagDatastore.setup(TagDatastore.java:80)
    at com.vmware.vcloud.suite.samples.common.SamplesAbstractBase.init(SamplesAbstractBase.java:127)
    at Main.tagCreateTest(Main.java:32)
    at Main.main(Main.java:19)

Login with the above code fails.

What kind of code should I create to log in to SSO using the SAML Token XML?

Also, is there a way to connect to the vCloud Suite API without using SSO's user name and password, other than using the SAML Token XML?
