If you have already took the effort to build your vCenter Single Sign On server while upgrading to vSphere 5.1, then it might be worth while to benefit of it to unify your login to vCloud Director. Wouldn’t be nice if you don’t have to enter your credential separately for vCloud Director after you have already logged on to your vSphere Web Client or the opposite. Is not this the idea behind including SSO in vSphere 5.1. In this blog post, I will share with you the exact instructions on how to configure your vCloud Director to utilize vCenter SSO to login vCloud Admins to the system.
To configure vCloud Director 5.1.x provider SSO follow the below instructions:
- Log in to the vCloud Director as a system administrator.
- Navigate to Administration tab and select Federation under System Settings in the left pane.
- Under vSphere Services, click Register.
- Enter the following information, and click OK when done.
- Lookup Service URL: https://<hostnameorIPaddressofSSOServer>:7444/lookupservice/sdk (Note: If Single SSO HA is used, then you want to use the SSO Load balancer IP or hostname)
- SSO Admin User Name: administrator.
- SSO Admin User Password: password.
- vCloud Director URL: https://hostnameorIPaddressofvCloudDirectorVIP/cloud
- Select Use vSphere Single Sign-On, and click Apply.
- In the Administration tab, select Users under System Administrators & Roles in the left pane.
- Click the icon to import users.
- Under Enter user names to import, type viadmin@VirtualizationTeam.com, and click OK. (Note: viAdmin is the user/group I wanted to give permission to vCD where VirtualizationTeam.com is the domain name. Replace this info with the specific one for your environment).
- Verify that the user account imported is successfully enabled and the type is SAML.
- Log out of the vCloud Director and close the browser.
- Open a new browser window and log in to the vCenter Server using vSphere Web Client as viadmin@VirtualizationTeam.com. (Note: I highly recommend that you login to the webclient the first time before you try to login directly to vCloud Director using SSO for the first time. This seems to make things work in a much smoother fashion, though you have to do this only once for your first login, where going forward from there you can start logging in directly using your vCloud URL and entering your credentials in there)
- Open a new browser tab and point it to vCloud Director User Interface to automatically log in without requiring further authentication.
Happy vCD SSO Federation, & hope this make your daily administration life a bit easier and save you from having to retype the user name and password twice.