5.5.1
Table Of Contents
- Developing a Web Services Client for VMware vCenter Orchestrator
- Contents
- Developing Web Services Client for VMware vCenter Orchestrator
- Developing a Web Services Client
- Using the vCenter Orchestrator REST API
- Authenticating Against Orchestrator and Third-Party Systems
- Accessing the Reference Documentation for the Orchestrator REST API
- Using the Java REST SDK
- Operations with Workflows
- Working with Tasks
- Finding Objects in the Orchestrator Inventory
- Importing and Exporting Orchestrator Objects
- Deleting Orchestrator Objects
- Setting Permissions on Orchestrator Objects
- REST API Permissions
- Retrieve the Permissions of a Workflow
- Delete the Permissions of a Workflow
- Set the Permissions for a Workflow
- Retrieve the Permissions of an Action
- Delete the Permissions of an Action
- Set the Permissions for an Action
- Retrieve the Permissions of a Package
- Delete the Permissions of a Package
- Set the Permissions for a Package
- Retrieve the Permissions of a Resource
- Delete the Permissions of a Resource
- Set the Permissions for a Resource
- Retrieve the Permissions of a Configuration Element
- Delete the Permissions of a Configuration Element
- Set the Permissions for a Configuration Element
- Performing Operations with Plug-Ins
- Performing Server Configuration Operations
- Performing Tagging Operations
- Writing a Client Application for the Orchestrator SOAP Service
- Process for Creating an Orchestrator Web Service Client Application
- Web Service Endpoint
- Generating the Orchestrator Web Service Stubs
- Accessing the Server from Web Service Clients
- Create a Web Service Client
- Connect to the Orchestrator Web Service
- Find Objects in the Orchestrator Server
- Find Objects by Using the find Operation
- Find Objects by Using the findForId Operation
- Find Objects by Using the findRelation Operation
- Find Workflows in the Orchestrator Server
- Find Workflows by Using the getAllWorkflows Operation
- Retrieve the ID of a Workflow
- Find Workflows by Using the getWorkflowsWithName Operation
- Find Workflows by Using the getWorkflowForID Operation
- Run Workflows from a Web Service Client
- Interact with a Workflow While it Runs
- Obtain Workflow Results
- Time Zones and Running Workflows Through Web Services
- Web Service Application Examples
- Web Service API Object Reference
- Web Service API Operation Reference
- answerWorkflowInput Operation
- cancelWorkflow Operation
- echo Operation
- echoWorkflow Operation
- executeWorkflow Operation
- find Operation
- findForId Operation
- findRelation Operation
- getAllPlugins Operation
- getAllWorkflows Operation
- getWorkflowForId Operation
- getWorkflowInputForId Operation
- getWorkflowInputForWorkflowTokenId Operation
- getWorkflowsWithName Operation
- getWorkflowTokenBusinessState Operation
- getWorkflowTokenForId Operation
- getWorkflowTokenResult Operation
- getWorkflowTokenStatus Operation
- hasChildrenInRelation Operation
- hasRights Operation
- sendCustomEvent Operation
- simpleExecuteWorkflow Operation
- Index
For example, to run a workflow that uses a virtual machine through the Orchestrator REST API, you access
resources both in Orchestrator and in vCenter Server. To authenticate against Orchestrator and
vCenter Server, you must pass your principal holder-of-key token in the Authorization header of the
request that you make, and the delegate token in the VCOAuthorization header. In this way, you authenticate
against Orchestrator with your principal token and Orchestrator authenticates on your behalf against
vCenter Server with the delegate token.
The vCenter Single Sign-On Server treats Orchestrator as a solution, and every solution is registered with a
unique user name with the vCenter Single Sign-On Server. You request a delegate token for Orchestrator by
passing the solution user name of Orchestrator and a principal holder-of-key token to the vCenter Single
Sign-On Server. The token that the vCenter Single Sign-On Server issues is a delegate holder-of-key token
for Orchestrator to authenticate on your behalf against third-party systems.
Example: Obtain a Session in vCenter Single Sign-On Mode
The following example code obtains a session in vCenter Single Sign-On mode.
URI uri = URI.create("https://vco-server:8283/vco/api");
VcoSessionFactory sessionFactory = new DefaultVcoSessionFactory(uri);
//provide the address of the vCenter Single Sign-On server
URI ssoUri = URI.create("https://sso-server:7444/ims/STSService?wsdl");
//set the tokens to be valid for an hour
long lifeTimeSeconds = 60 * 60;
//create a factory for vCenter Single Sign-On tokens
SsoAuthenticator sso = new SsoAuthenticator(ssoUri, sessionFactory, lifeTimeSeconds);
//provide vCenter Single Sign-On credentials
SsoAuthentication authentication = sso.createSsoAuthentication("username", "password");
VcoSession session = sessionFactory.newSession(authentication);
//use session here
Get the Solution User Name of Orchestrator
The vCenter Single Sign-On Server treats Orchestrator as a solution, and every solution is registered with a
unique user name with the vCenter Single Sign-On Server. To be able to request a delegate holder-of-key
token for Orchestrator from the vCenter Single Sign-On Server, you need the solution user name of
Orchestrator.
Prerequisites
Verify that you have a valid principal holder-of-key token that the vCenter Single Sign-On Server issued.
Procedure
1 Make a GET request at the URL of the solution user name of Orchestrator:
GET https://{vcoHost}:{port}/vco/api/users/
2 Provide your principal holder-of-key token in the Authorization header of the request.
The <user solution-user="vCOSolutionUserName"/> element of the response contains the solution user
name of Orchestrator. The following is an example of a solution user name of Orchestrator.
<user xmlns="http://www.vmware.com/vco" solution-user="vCO-133acc26ff78e5695b102146326" admin-
rights="true"/>
Chapter 2 Using the vCenter Orchestrator REST API
VMware, Inc. 13