This topic describes how to use NSX session-based authentication to generate a JSESSIONID cookie when using the API. Use this method to reduce the number of times you have to enter your username and password. You can use this type of authentication with vIDM and LDAP authentication.
NSX uses several different mechanisms to authenticate NSX users. They include:
- HTTP authentication
- Session-based authentication
- Principal identity or certificate-based authentication
- Single sign on using vIDM and RBAC
The NSX uses a username and password to generate a session cookie during session creation. Once the session cookie has been created, subsequent API requests can use this session cookie instead of the user name and password credentials. This means that the session state is local to the server on which it is performed. When clients make requests to the NSX Manager, it only allows clients to authenticate if the session ID they present matches one of the IDs generated by the server. When any user logs out of NSX Manager, the session identifier is immediately eliminated and cannot be reused. Idle sessions time out automatically or you can delete them using the API.
Access using the API request generates audit log details. This logging is always enabled and cannot be disabled. Auditing of sessions is initiated at system startup. Audit log messages include the text audit="true" in the structured data part of the log message.
This example describes using cURL to create session-based authentication for API calls.
Procedure
What to do next
To review the requirements to authenticate users with your session-based supported authentication service, see Integration with VMware Identity Manager/Workspace ONE Access or Integration with LDAP..