Class VcGuestAliasManager

Extends com.vmware.vmo.plugin.vi4.model.VimContentManagedObject
The GuestAliasManager supports single sign-on for virtual machine access to perform guest operations. The GuestAliasManager provides methods to create and access aliases.

A guest alias defines an association between a guest user account on a virtual machine and an external vSphere user account. The vSphere account is represented by credentials consisting of an X.509 certificate and a subject name. The certificate and subject name are encoded in SAML tokens that are provided by the VMware SSO Server. The SAML tokens are attached to guest operation requests. If the credentials in a SAML token match an alias that is defined for a virtual machine, the ESXi Server guest components grant access for execution of the guest operation in the context of the user account on the virtual machine.

To create a guest alias, use the AddGuestAlias method. AddGuestAlias establishes the association between a guest user account, certificate, and SAML token subject.

If there are no aliases defined for a virtual machine, the ESXi Server will perform standard authentication using the credentials associated with a guest operation request. If one or more aliases are defined for a virtual machine, any guest operation request that uses SAML token authentication SAMLTokenAuthentication must specify a token that corresponds to one of the defined aliases.

After defining one or more guest aliases, you can specify VcSAMLTokenAuthentication for the auth parameter to guest operation methods:

For information about obtaining a SAML token from a VMware SSO Server, see VMware Single Sign-On Programming Guide.

You can define multiple aliases for a guest account. You can also map the credentials to an alias by setting mapCert to "true" in the call to the AddGuestAlias method. When an alias has a mapped credential, requests using that alias do not need to identify the guest account.


Name Type Description
id String returns the id of this ManagedObject
reference VcManagedObjectReference returns the ManagedObjectReference of this ManagedObject
sdkConnection VcSdkConnection returns the parent SdkConnection
vimHost VcSdkConnection returns the parent SdkConnection (deprecated)
vimType String returns the type of this ManagedObject


Name Returns
addGuestAlias(VcVirtualMachine vm, VcGuestAuthentication auth, String username, boolean mapCert, String base64Cert, VcGuestAuthAliasInfo aliasInfo) void
createTrigger(Number timeout, String filter, String condition, String filterToSync) Trigger
listGuestAliases(VcVirtualMachine vm, VcGuestAuthentication auth, String username) VcGuestAliases[]
listGuestMappedAliases(VcVirtualMachine vm, VcGuestAuthentication auth) VcGuestMappedAliases[]
removeGuestAlias(VcVirtualMachine vm, VcGuestAuthentication auth, String username, String base64Cert, VcGuestAuthSubject subject) void
removeGuestAliasByCert(VcVirtualMachine vm, VcGuestAuthentication auth, String username, String base64Cert) void

Returned by


Referenced in