To authenticate by SAML token, you must use SOAP message protocol rather than the JSON protocol. After authentication, you can send authenticated requests over the JSON protocol.

SAML token authentication using the SOAP protocol is described in the vCenter Single Sign-On Programming Guide. Use the Single-Sign-On server to exchange the principal's credentials for a SAML token, then invoke the LoginByToken method of the SessionManager to exchange the SAML token for a session ID token.

The SessionManager returns the session ID token in a cookie header. Use the value of the cookie as the value of vmware-api-session-id in request message headers, as described in Authenticating a JSON Client with the Session Manager.