After you obtain a SAML token from the vCenter Single Sign-On Server, you can use the vSphere Web Services API method LoginByToken to establish a vCenter Single Sign-On session with a vCenter Server. At the beginning of the session, your client is responsible for the following tasks:

  • Insert the vCenter Single Sign-On token and a timestamp into the SOAP header of the LoginByToken message.
  • Maintain the vCenter session cookie. During the login sequence, the Server produces an HTTP session cookie to support the persistent connection. Your client must save this cookie and re-introduce it at the appropriate times.
  • If at a later time your client invokes the LoginByToken method, or other login method, the Server issues a new session cookie in response. You must have a cookie handler in place to save the cookie for subsequent requests.

The example program uses these general steps:

Procedure

  1. Call the RetrieveServiceContent method to establish an HTTP connection with the vCenter Server and get the Session Manager managed object reference.
  2. Call the LoginByToken method to authenticate the vCenter session. To send the token to the vCenter Server, the client uses a handler to embed the token and a time stamp in the SOAP header for the message. The client uses an HTTP header handler method to extract the session cookie from the vCenter Server response.
  3. Restore the session cookie for future requests. To identify the session started with the LoginByToken method, the client uses a handler to embed the session cookie in the HTTP header.