vSphere 5.1 Single Sign On – part 2

The second part of my Single Sign On series is about authentication to vSphere with and without Single Sign On. The default vCenter Single Sign-On administrator user ID is admin@System-Domain; it cannot be changed, and its password was set during the Single Sign On installation. Make sure you remember the SSO admin password, because you will need it for various installation and administration tasks. You can create additional Single Sign-On administrator users with the Single Sign-On administration tool in the vSphere Web Client.

[box type="warning"] Notice: admin@System-Domain is a Single Sign On user with administrative rights ONLY on the Single Sign On server; it has no rights in vCenter Server.[/box]

How the authentication works:

Pre-vSphere 5.1

[Figure: vSphere authentication pre vSphere 5.1]

In versions before vCenter Server 5.1, when a user connects to vCenter Server, vCenter Server authenticates the user itself by validating the credentials against an Active Directory domain or the list of local operating system users.


vSphere 5.1 with Single Sign-On authentication

[Figure: vSphere 5.1 with Single Sign-On authentication]


When a user logs in to vCenter Server, the authentication request is in fact sent to the STS (Security Token Service), which is the secure interface of SSO. The STS checks the user's credentials against Active Directory (more than one AD domain can be attached to the SSO server), OpenLDAP or local OS users. On success, the STS generates a SAML 2.0 token, and that token is what is used to authenticate to vCenter Server.

Directory services such as Active Directory or OpenLDAP are not mandatory: the Single Sign On service has its own database for storing users and credentials. This is useful when you have no directory service at all, or when SSO and vCenter Server sit in a security zone without access to the central directory services.
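As an added example (not code from the original post or from VMware), the claim checks a relying party such as vCenter Server must perform on the STS-issued SAML 2.0 token before trusting it: issuer, validity window, audience and subject. The sample assertion, the issuer URL and the audience URI are constructed, and it is assumed that the token's XML signature has already been verified against the STS signing certificate before these checks run.

```python
# Added example: validating the claims of a SAML 2.0 assertion as issued by the
# vSphere 5.1 STS, from the relying party's (vCenter Server's) point of view.
# The assertion, issuer and audience values below are constructed for illustration.
# Signature verification against the STS certificate is assumed to happen first.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample token (hypothetical hostnames); a real one also carries a Signature element.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-id" Version="2.0" IssueInstant="2012-11-21T10:00:00Z">
  <saml:Issuer>https://sso.example.local/sts</saml:Issuer>
  <saml:Subject><saml:NameID>vcadmin@example.local</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2012-11-21T10:00:00Z" NotOnOrAfter="2012-11-21T10:30:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://vcenter.example.local</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    """Parse a SAML UTC timestamp into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuer, expected_audience, now):
    """Return the subject NameID if every claim is acceptable; raise ValueError otherwise."""
    root = ET.fromstring(xml_text)
    # 1. The token must come from the STS we trust, not from any other issuer.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        raise ValueError("untrusted issuer: %r" % issuer)
    # 2. The token must be inside its validity window (NotOnOrAfter is exclusive).
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    if now < _ts(cond.get("NotBefore")) or now >= _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    # 3. The token must be addressed to this service, so a token for another
    #    relying party cannot be replayed against vCenter Server.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion not intended for this service: %r" % audiences)
    # 4. Only then is the asserted identity used for authorization in vCenter.
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("assertion has no subject")
    return name_id
```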

[button link="http://vmwaremine.com/2012/11/21/vsphere-5-1-single-signon-part-1/"] vSphere 5.1 Single Sign On – part 1[/button]

Artur Krzywdzinski

Artur is a Consulting Architect at Nutanix. He has been using, designing and deploying VMware based solutions since 2005 and Microsoft based solutions since 2012. He specializes in designing and implementing private and hybrid cloud solutions based on the VMware and Microsoft software stacks, datacenter migrations and transformations, and disaster avoidance. Artur has been in the IT industry since 1999 and in consulting since 2008. Artur holds the VMware Certified Design Expert certification (VCDX #077).