No PowerCLI integration at the moment I'm afraid.
Although there is a SSO SDK, I have the impression it only provides API to work with tokens (acquire, renew, validate).
There don't seem to be any SSO Management API as far as I can tell (but lamw will surely correct me if I'm wrong on this )
There are a number .Net and Java examples in the SDK
1 person found this helpful
LucD is absolutely correct. Today, we only have the SSO Consumer APIs which is about retrieving SAML tokens/etc. and does not provide access to the SSO configurations which is under the SSO Admin APIs which are unfortunately not public today. This is true for any of the vSphere SDKs.
Having said that, depending on what you're looking for, some of this is still retrievable by connecting to the vmdird which is an LDAP based system. Here's several articles that provides some options on collecting some of this information:
If that is on a Windows-based vCenter 5.5, you can have a look at vCenter Server 5.5 Single Sign-On VMDir deep diveBlog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz1 person found this helpful
I worked with EcoBassam on this subject and using the information provided by lamw I managed to make a script that retrives the required information.
Thanks for the links provided by lamw, they really helped me a lot
wmdird is an LDAP based system, so firstly we can use JXplorer to explorer the tree structure of LDAP:
We will find all identity sources in the path: /Services/IdentityManager/Tenants/vsphere.local/IdentityProviders
If we would like to use powercli/powershell to get the same information as we can see in the JXplorer, we may want to use ldapsearch in sso server, of course we must have ldapsearch installed in the server:
Here is an exemple of Invoke-VMScript which I used in my script for a SSO server 5.5:
$scriptsso = @"
&"$env:C:\the\directory\to\ldapsearch.exe" -h localhost -w $password -p 11711 -x -D "cn=Administrator,cn=users,dc=vsphere,dc=local" -b "cn=IdentityProviders,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local" -s one "vmwSTSDomainName=*"
$invokesso = Invoke-VMScript -ScriptText $scriptsso -VM $Vm -GuestUser $user -GuestPassword $password
$invokesso.ScriptOutput | out-string -Stream | set-content $VMsubfolder\infosso.txt
Then we get a txt file infosso.txt with all Identity Sources
We can get all the information available in Edit Identity Source screenshot above:
They are just under different names:
Identity source type
Primary server URL
Thanks for sharing that, great find!Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz