A guest alias defines an association between a guest user account on a virtual machine and an external vSphere user account. The vSphere account is represented by credentials consisting of an X.509 certificate and a subject name. The certificate and subject name are encoded in SAML tokens that are provided by the VMware SSO Server. The SAML tokens are attached to guest operation requests. If the credentials in a SAML token match an alias that is defined for a virtual machine, the ESXi Server guest components grant access for execution of the guest operation in the context of the user account on the virtual machine.
To create a guest alias, use the AddGuestAlias method. AddGuestAlias establishes the association between a guest user account, certificate, and SAML token subject.
If there are no aliases defined for a virtual machine, the ESXi Server performs standard authentication using the credentials associated with a guest operation request. If one or more aliases are defined for a virtual machine, any guest operation request that uses SAML token authentication (SAMLTokenAuthentication) must specify a token that corresponds to one of the defined aliases.
After defining one or more guest aliases, you can specify VcSAMLTokenAuthentication for the auth parameter to guest operation methods:
For information about obtaining a SAML token from a VMware SSO Server, see VMware Single Sign-On Programming Guide.
You can define multiple aliases for a guest account. You can also map the credentials to an alias by setting mapCert to "true" in the call to the AddGuestAlias method. When an alias has a mapped credential, requests using that alias do not need to identify the guest account.
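The matching rules described above (no aliases, a token that must match a defined alias, and a mapped credential) can be read as a small decision function. The following is an added example and a simplified model, not VMware's implementation or part of the original documentation; the function names, the alias record layout, and all certificates and subjects are constructed for illustration.

```javascript
// Simplified model of the alias check; not VMware's implementation.
// All alias entries, certificates and subjects are constructed sample values.
const aliases = [
  { username: "svc_backup", base64Cert: "CERT_A", subject: "backup@vsphere.local", mapCert: true },
  { username: "appadmin", base64Cert: "CERT_A", subject: "ops@vsphere.local", mapCert: false },
];

// token: { base64Cert, subject } as carried in the SAML token.
// username: guest account named in the request, or null when omitted.
function resolveGuestAccount(aliasStore, token, username) {
  // No aliases defined for the VM: standard authentication applies instead.
  if (aliasStore.length === 0) return { decision: "standard-auth", account: null };

  // Both the certificate and the subject must match a defined alias.
  const matches = aliasStore.filter(
    (a) => a.base64Cert === token.base64Cert && a.subject === token.subject
  );

  if (username) {
    // The request names a guest account: it must own a matching alias.
    const hit = matches.find((a) => a.username === username);
    return hit
      ? { decision: "grant", account: hit.username }
      : { decision: "deny", account: null };
  }

  // The request names no guest account: only a mapped alias can resolve it.
  const mapped = matches.filter((a) => a.mapCert);
  // Assumption of this model: an ambiguous mapping is refused.
  return mapped.length === 1
    ? { decision: "grant", account: mapped[0].username }
    : { decision: "deny", account: null };
}

// Audit helper: mapped aliases let a token holder act without naming the
// guest account, so they are the entries to review first.
function mappedAliases(aliasStore) {
  return aliasStore.filter((a) => a.mapCert).map((a) => `${a.subject} -> ${a.username}`);
}
```

In this model a certificate alone is never sufficient: the same constructed certificate resolves to different guest accounts, or to none, depending on the subject in the token.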
| Attribute | Type | Description |
|---|---|---|
| id | String | returns the id of this ManagedObject |
| reference | VcManagedObjectReference | returns the ManagedObjectReference of this ManagedObject |
| sdkConnection | VcSdkConnection | returns the parent SdkConnection |
| vimHost | VcSdkConnection | returns the parent SdkConnection (deprecated) |
| vimType | String | returns the type of this ManagedObject |

| Method | Returns |
|---|---|
| addGuestAlias(VcVirtualMachine vm, VcGuestAuthentication auth, String username, boolean mapCert, String base64Cert, VcGuestAuthAliasInfo aliasInfo) | void |
| createTrigger(Number timeout, String filter, String condition, String filterToSync) | Trigger |
| listGuestAliases(VcVirtualMachine vm, VcGuestAuthentication auth, String username) | VcGuestAliases |
| listGuestMappedAliases(VcVirtualMachine vm, VcGuestAuthentication auth) | VcGuestMappedAliases |
| removeGuestAlias(VcVirtualMachine vm, VcGuestAuthentication auth, String username, String base64Cert, VcGuestAuthSubject subject) | void |
| removeGuestAliasByCert(VcVirtualMachine vm, VcGuestAuthentication auth, String username, String base64Cert) | void |