After you obtain a SAML token from the vCenter Single Sign-On server, you can use the vSphere Web Services API method LoginByToken to establish a single sign-on session with a vCenter Server. See vCenter Single Sign-On Client Example (.NET) for a description of how to obtain a vCenter Single Sign-On token.
To establish a vCenter Server session that is based on SAML token authentication, the client must embed the SAML token in the SOAP header of the LoginByToken request. The C# LoginByToken example uses the .NET services in vCenter Server Single Sign-On Session to support a single sign-on session.
| .NET Element / Namespace |
vCenter Single Sign-On Usage |
|---|---|
| SecurityPolicyAssertion Microsoft.Web.Services3.Security |
The sample creates a custom policy assertion derived from the SecurityPolicyAssertion class. The custom assertion contains the SAML token and X509 certificate. |
| SendSecurityFilter Microsoft.Web.Services3.Security |
The sample defines a custom output filter derived from the SendSecurityFilter class. The custom filter adds the token and certificate to the outgoing SOAP message. |
| ServicePointManager System.net |
The sample uses the ServicePointManager to specify SSL3 and HTTP 100-Continue behavior. |
| ConfigurationManager System.Configuration |
The sample uses the ConfigurationManager to specify certificate metadata (password and certificate type). |
| CookieContainer System.Net |
The sample uses the CookieContainer class to manage vCenter Server session cookies. |
