Hi, I have a question about authentication to use vRO REST API.
Our vRO API docs says about LDAP Authentication:
When Orchestrator is configured with LDAP, you must apply the Basic HTTP authentication scheme.
https://<our-vro>:8281/vco/api/docs/index.html
But, LDAP authentication is closed vRO 7.3 or later.
The following feature has reached its End of Life and is no longer available or supported in vRealize Orchestrator.
LDAP authentication
https://docs.vmware.com/en/vRealize-Orchestrator/7.3/rn/vrealize-orchestrator-73-release-notes.html
My question is what requirement to use Basic authentication for vRO REST API?
Our server is v7.4.0, and work Basic auth fine.
curl -v --user '<user>:<password>' --header 'Accept: application/json' 'https://<our-vro>:8281/vco/api/workflows/5ac8197b-d97c-41cc-bbe5-c392e87f8325/executions?maxResult=1&startIndex=0'
Thanks.
Hi,
From configuration point of view, the newer vRO versions do not provide an option to configure LDAP authentication (only SSO or vRA authentication), but if the customer is performing an upgrade from older vRO version which is already configured with LDAP, it will be kept as is.
From REST API point of view, we do support Basic authentication no matter what authentication provider is configured - LDAP, SSO or vRA. We do it mostly for user convenience; for example, it would be (almost) impossible to use curl with SAML token as it is very hard to manually acquire SAML token and sign the REST API request. When/if necessary, vRO server will acquire SAML/OAuth token on your behalf using the provided username/password, without REST API caller even noticing it.
Hi,
Thanks for your quickly response!
> From REST API point of view, we do support Basic authentication no matter what authentication provider is configured - LDAP, SSO or vRA
I'm relieved and understand it.
My current problem is there is an issue about acquire SAML token when I use both vRO Java SDK and vSphere Single-Sign On SDK (in vSphere Management SDK).
So, I find another way not to use vRO Java SDK.
Thanks to your answer, I can examine to use REST API not to use vRO Java SDK.