5 Replies Latest reply on Feb 15, 2013 7:16 AM by cdecanini_

    SSO and getting current user email

    manfriday Hot Shot

      So, before upgrading to 5.1 and the SSO, this used to work:



      var ldapUser = Server.getCurrentLdapUser();
      var adminEmail = ldapUser.emailAddress;
      System.log("Admin email: " + adminEmail);
      It no longer works. I can see that the ldapUser variable is being filled out. However, it looks like it cannot retrieve the email address.
      I suspect this has to do with the SSO authentication (I am using SSO rather than LDAP now)
      I looked to see if there was a SSO-related function in the API, but if there is I missed it.
      anyone have any ideas how to get the current users email address with 5.1?
        • 1. Re: SSO and getting current user email
          qc4vmware Master

          Since SSO is a big steaming pile of... you'll likely need to revert to AD or one of the other directories.  I have a support call today in an attempt to get either SSO working or eDir or AD working with our directory structure so users from any of our domains can login.  At the moment the only solution I see working is a vCO per domain which would be a sad sad thing.  Orchestrator is such a cool product but not really designed for use in an environment with a complex heirarchy it seems and apparently they didn't bother to test SSO would actually work with many of their products so I can't point the finger completely at the vCO people.  They were likely blindsided as it feels like most were.


          I have not been able to get the AD plugin nor the Server ldap functions to work when SSO is the authentication type.  I can successfully get users from any of my domains to login to vCO though.  I got some feedback that this was a known issue but no answer on when a fix was scheduled.


          If I get any reasonable resolution from my support case I will share it with you here.  Good luck!



          1 person found this helpful
          • 2. Re: SSO and getting current user email
            tschoergez Master
            VMware EmployeesvExpertUser Moderators

            As a workaround you can try to call a Powershell script, that fetches the needed information from AD for the given ldap name.

            Or call an external tool like the free adfind.exe, see an example here: http://www.vcoportal.de/2011/08/small-but-useful-command-line-tools-for-vco-workflows/




            1 person found this helpful
            • 3. Re: SSO and getting current user email
              manfriday Hot Shot

              Thanks for your input guys.

              In the end I did end up following Paul's advice, and went back to the LDAP implementation, rather than using SSO.

              I'll have to wait for VMWare to sort out the issues before I can go back to the SSO.

              At least I know I'm not crazy now. Well, not about this anyway.





              • 4. Re: SSO and getting current user email
                cdecanini_ Virtuoso
                VMware Employees

                I would suggest opening support requests to VMware GSS. If everyone work around the bug then it may never be fixed.

                And even if this was previously opened this would increase the priority for resolution.



                • 5. Re: SSO and getting current user email
                  manfriday Hot Shot

                  Excellent point Chistophe


                  I have indeed logged a support request. SR 13284459702 if anyone else has the isue and wishes to reference it.