VMware Single Sign-On

VMware SSO is an authentication server released with vSphere 5.1. With version 5.5, it has been re-architected so that it is simple to plan and deploy and easier to manage. With vSphere 6.0 and 6.5, it is now embedded into the PSC.

With vSphere 5.1, SSO had an option to use an external database. However, starting with vSphere 5.5, this was no longer possible; SSO now uses an embedded PostgreSQL database.

It is an authentication gateway, which takes the authentication requests from various registered components and validates the credential pair against the identity sources added to the SSO server. The components are registered to the SSO server during their installation.

Here are some of the components that can register with VMware SSO and leverage its ability, and these components, in SSO terms, are referred to as SSO clients:

  • VMware vCenter Server
  • VMware vCenter inventory service
  • VMware vCenter Orchestrator
  • VMware vShield manager
  • VMware vCloud Director (partial integration)
  • VMware vSphere Web Client
  • VMware vSphere Data Protection
  • VMware log browser

Once authenticated, the SSO clients are provided with a token for further exchanges. The advantage here is that the user or administrator of the client service is not prompted for a credential pair (username and password) every time it needs to authenticate.

SSO supports authenticating against the following identity sources:

  • Active directory
  • Active directory as an LDAP server
  • Open LDAP
  • Local OS
上一章目录下一章