VMware Cloud Community
satoshi_goto
Contributor
Contributor
‎11-27-2018 09:40 PM

What precondition to use HTTP Basic Authentication vRealize Orchestrator Server REST API?

Hi, I have a question about authentication to use vRO REST API.

Our vRO API docs says about LDAP Authentication:

When Orchestrator is configured with LDAP, you must apply the Basic HTTP authentication scheme.

https://docs.vmware.com/en/vRealize-Orchestrator/7.5/com.vmware.vrealize.orchestrator-develop-web-se...

https://<our-vro>:8281/vco/api/docs/index.html

 

But, LDAP authentication is closed vRO 7.3 or later.

  • The following feature has reached its End of Life and is no longer available or supported in vRealize Orchestrator. 
       
    • LDAP authentication

https://docs.vmware.com/en/vRealize-Orchestrator/7.3/rn/vrealize-orchestrator-73-release-notes.html

 

My question is what requirement to use Basic authentication for vRO REST API?

Our server is v7.4.0, and work Basic auth fine.

curl -v --user '<user>:<password>' --header 'Accept: application/json' 'https://<our-vro>:8281/vco/api/workflows/5ac8197b-d97c-41cc-bbe5-c392e87f8325/executions?maxResult=1&startIndex=0'

 

Thanks.

0 Kudos
2 Replies
iiliev
VMware Employee
VMware Employee
‎11-28-2018 01:10 AM

Hi,

From configuration point of view, the newer vRO versions do not provide an option to configure LDAP authentication (only SSO or vRA authentication), but if the customer is performing an upgrade from older vRO version which is already configured with LDAP, it will be kept as is.

From REST API point of view, we do support Basic authentication no matter what authentication provider is configured - LDAP, SSO or vRA. We do it mostly for user convenience; for example, it would be (almost) impossible to use curl with SAML token as it is very hard to manually acquire SAML token and sign the REST API request. When/if necessary, vRO server will acquire SAML/OAuth token on your behalf using the provided username/password, without REST API caller even noticing it.

satoshi_goto
Contributor
Contributor
‎11-28-2018 04:01 AM

Hi,

Thanks for your quickly response!

> From REST API point of view, we do support Basic authentication no matter what authentication provider is configured - LDAP, SSO or vRA

I'm relieved and understand it.

My current problem is there is an issue about acquire SAML token when I use both vRO Java SDK and vSphere Single-Sign On SDK (in vSphere Management SDK).

So, I find another way not to use vRO Java SDK.

Thanks to your answer, I can examine to use REST API not to use vRO Java SDK.

0 Kudos