This topic describes how to use NSX session-based authentication to generate a JSESSIONID cookie when using the API. Use this method to reduce the number of times you have to enter your username and password. You can use this type of authentication with vIDM and LDAP authentication.
NSX uses several different mechanisms to authenticate NSX users. They include:
- HTTP authentication
- Session-based authentication
- Principal identity or certificate-based authentication
- Single sign on using vIDM and Cloud Service Platform (CSP)
The NSX uses a username and password to generate a session cookie during session creation. Once the session cookie has been created, subsequent API requests might optionally use this session cookie instead of the user name and password credentials. This means that the session state is specific to the particular NSX Manager that generated the session cookie. When clients make requests to the NSX Manager, it only allows clients to authenticate if the session cookie they present matches one of the cookies generated by the manager. When any user logs out of NSX Manager, the session cookie is immediately eliminated from the reverse-proxy of the NSX Manager and cannot be reused. Idle sessions time out automatically or you can delete them using the API.
Access using the API request generates audit log details. This logging is always enabled and cannot be disabled. Auditing of sessions is initiated at system startup. Audit log messages include the text audit="true" in the structured data part of the log message.
This example describes using cURL to create session-based authentication for API calls.
Procedure
What to do next
To review the requirements to authenticate users with your session-based supported authentication service, see Integration with VMware Identity Manager/Workspace ONE Access or Integration with LDAP.