Scripting Object - VcGuestAliasManager

Scripting object corresponding to: GuestAliasManager
Attribute of: VcGuestOperationsManager

Scripting Object Description

The GuestAliasManager supports single sign-on for virtual machine access to perform guest operations. The GuestAliasManager provides methods to create and access aliases.

A guest alias defines an association between a guest user account on a virtual machine and an external vSphere user account. The vSphere account is represented by credentials consisting of an X.509 certificate and a subject name. The certificate and subject name are encoded in SAML tokens that are provided by the VMware SSO Server. The SAML tokens are attached to guest operation requests. If the credentials in a SAML token match an alias that is defined for a virtual machine, the ESXi Server guest components grant access for execution of the guest operation in the context of the user account on the virtual machine.

To create a guest alias, use the AddGuestAlias method. AddGuestAlias establishes the association between a guest user account, certificate, and SAML token subject.

If there are no aliases defined for a virtual machine, the ESXi Server will perform standard authentication using the credentials associated with a guest operation request. If one or more aliases are defined for a virtual machine, any guest operation request that uses SAML token authentication (SAMLTokenAuthentication) must specify a token that corresponds to one of the defined aliases.

After defining one or more guest aliases, you can specify vim.vm.guest.SAMLTokenAuthentication for the auth parameter to guest operation methods.

For information about obtaining a SAML token from a VMware SSO Server, see the VMware Single Sign-On Programming Guide.

You can define multiple aliases for a guest account. You can also map the credentials to an alias by setting mapCert to "true" in the call to the AddGuestAlias method. When an alias has a mapped credential, requests using that alias do not need to identify the guest account.
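
The matching rules described above, as an added JavaScript model rather than code from VMware or the plug-in. It assumes certificates and subjects can be compared as opaque strings; the store layout, function names and sample values are constructed for illustration.

```javascript
// Constructed, simplified model of a guest alias store (not VMware code).
// Certificates and subjects are compared as opaque strings.
function createStore() {
  return { aliases: new Map(), mapped: [] }; // per-user aliases + cert-to-user map
}

const sameCred = (a, t) => a.cert === t.cert && a.subject === t.subject;

// Models addGuestAlias: associate (cert, subject) with a guest account,
// and also record a mapping when mapCert is true.
function addAlias(store, username, mapCert, cert, subject) {
  if (!store.aliases.has(username)) store.aliases.set(username, []);
  store.aliases.get(username).push({ cert, subject });
  if (mapCert) store.mapped.push({ cert, subject, username });
}

// Decide which guest account a SAML-token request runs as.
// `username` may be undefined only when a mapped alias exists.
function resolve(store, token, username) {
  if (username !== undefined) {
    const list = store.aliases.get(username) || [];
    return list.some((a) => sameCred(a, token))
      ? { granted: true, runAs: username }
      : { granted: false, reason: "token matches no alias of " + username };
  }
  const hit = store.mapped.find((m) => sameCred(m, token));
  return hit
    ? { granted: true, runAs: hit.username }
    : { granted: false, reason: "unmapped token must name a guest account" };
}

// Review helper: every guest account a given token can act as.
function accountsReachableBy(store, token) {
  const out = [];
  for (const [user, list] of store.aliases) {
    if (!list.some((a) => sameCred(a, token))) continue;
    out.push({ user, mapped: store.mapped.some((m) => m.username === user && sameCred(m, token)) });
  }
  return out;
}

// Constructed sample data: placeholder certificate strings and subjects.
function demoStore() {
  const s = createStore();
  addAlias(s, "svc_backup", true, "CERT-A", "backup@example.local");
  addAlias(s, "root", false, "CERT-A", "admin@example.local");
  return s;
}
console.log(resolve(demoStore(), { cert: "CERT-A", subject: "backup@example.local" }));
```

Running `accountsReachableBy` for each external subject gives a quick review of which vSphere identities can act as which guest accounts, and which of those work without naming the account.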

Attributes

Name           Type                      Description
id             String                    @since Unknown
moref          VcManagedObjectReference  Returns the ManagedObjectReference of this ManagedObject. @since Unknown
sdkConnection  VcSdkConnection           @since Unknown
sdkId          String                    @since Unknown
type           String                    Deprecated. Returns the name of this managed object's vim type. @since Unknown
vimHost        VcSdkConnection           @since Unknown
vimId          String                    @since Unknown
vimType        String                    @since Unknown

Methods

Methods defined in this Scripting Object
_getRef, addGuestAlias, createTrigger, listGuestAliases, listGuestMappedAliases, removeGuestAlias, removeGuestAliasByCert

_getRef

@since Unknown

Parameters

Name  Type  Description
None

Return Value

Type Description
VcManagedObjectReference

createTrigger

@since Unknown

Parameters

Name          Type    Description
timeout       Number
filter        String
condition     String
filterToSync  String


Return Value

Type Description
Trigger

removeGuestAlias

Removes an alias from the guest so it can no longer be used for authentication of guest operations. It will also be removed from the mapped credentials.

@since vSphere API 6.0

Parameters

Name  Type                   Description
arg0  VcVirtualMachine
arg1  VcGuestAuthentication
arg2  String
arg3  String
arg4  VcGuestAuthSubject


Return Value

Type Description
None

removeGuestAliasByCert

Removes a VMware SSO Server's certificate and all associated aliases from the guest so it can no longer be used for authentication of guest operations. It will also be removed from the global certificate-to-user mapping file in the guest.

@since vSphere API 6.0

Parameters

Name  Type                   Description
arg0  VcVirtualMachine
arg1  VcGuestAuthentication
arg2  String
arg3  String


Return Value

Type Description
None

listGuestAliases

Lists the vim.vm.guest.AliasManager.GuestAliases for a specified user in the guest that can be used for authentication of guest operations.

@since vSphere API 6.0

Parameters

Name  Type                   Description
arg0  VcVirtualMachine
arg1  VcGuestAuthentication
arg2  String


Return Value

Type Description
VcGuestAliases []

listGuestMappedAliases

Lists the vim.vm.guest.AliasManager.GuestMappedAliases in the guest that can be used for authentication of guest operations.

@since vSphere API 6.0

Parameters

Name  Type                   Description
arg0  VcVirtualMachine
arg1  VcGuestAuthentication


Return Value

Type Description
VcGuestMappedAliases []

addGuestAlias

Defines an alias for a guest account in a virtual machine. After the alias is defined, the ESXi Server will use the alias to authenticate guest operation requests.

This will add the given VMware SSO Server's certificate and a subject to the alias store of the specified user in the guest.

In order to add an alias to the guest, you must supply an existing valid credential. This can be any instance of GuestAuthentication, but must be valid for the specified guest username.

@since vSphere API 6.0

Parameters

Name  Type                   Description
arg0  VcVirtualMachine
arg1  VcGuestAuthentication
arg2  String
arg3  Boolean
arg4  String
arg5  VcGuestAuthAliasInfo


Return Value

Type Description
None