vCloud API Programming Guide, 5.5
    <UsersList>
        <UserReference
            type="application/vnd.vmware.admin.user+xml"
            name="User-1"
            href="https://vcloud.example.com/api/admin/user/18" />
        <UserReference
            type="application/vnd.vmware.admin.user+xml"
            name="User-3"
            href="https://vcloud.example.com/api/admin/user/19" />
    </UsersList>
    <Role
        type="application/vnd.vmware.admin.role+xml"
        name="vApp Wrangler"
        href="https://vcloud.example.com/api/admin/role/102" />
</Group>
Import a User or Group from a SAML Identity Provider
If your organization defines a SAML identity provider in its OrgFederationSettings, you cannot import the
users or groups as you can from an LDAP service. Instead, you must map the SAML-defined roles of those
users and groups to roles defined in your organization.
Unlike imports from an LDAP service, imports from a SAML identity provider do not actually import
information from an external database. Instead, the operation creates a mapping between a user or group
name in your organization's database and a user or group name defined by your organization's SAML
provider. The vCloud Director database stores these mappings, but does not store any data retrieved from
the SAML provider.
When a user login presents a SAML token to the organization, user and group names in the token are
evaluated using the mappings established by the import operation. This evaluation process can be
summarized as follows:
- If the SAML token includes an attribute named UserName, try to match the value of that attribute to the value of the name attribute of the User.
- If the SAML token does not include an attribute named UserName, try to match the value of the NameId element to the value of the name attribute of the User.
- If the SAML token includes an attribute named Groups, assume that the value of that attribute is a list of group names, and try to match each value in the list to the value of the name attribute of a Group in the organization. If the
- If the SAML token does not include an attribute named Groups, assume that the user is not a member of any group.
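The evaluation steps above, written out as an added example (not code from the vCloud Director product or this guide). It assumes the assertion's signature has already been validated, that names are compared exactly, and that the "NameId element" is the SAML 2.0 `NameID` element; the function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: unsigned and trimmed to the parts the evaluation reads.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>User-3</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="UserName">
      <saml:AttributeValue>User-1</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>Engineering</saml:AttributeValue>
      <saml:AttributeValue>Contractors</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def attribute_values(assertion, name):
    """Return the values of the named attribute, or None if it is absent."""
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == name:
            return [(v.text or "").strip()
                    for v in attr.iterfind("saml:AttributeValue", NS)]
    return None


def evaluate(assertion_xml, mapped_users, mapped_groups):
    """Return (matched user or None, matched groups) for one assertion.

    mapped_users and mapped_groups hold the names created by SAML imports.
    Assumption: names are compared exactly (case-sensitive).
    """
    assertion = ET.fromstring(assertion_xml)
    names = attribute_values(assertion, "UserName")
    if names is None:
        # No UserName attribute: fall back to the NameID element.
        name_id = assertion.findtext(".//saml:NameID", namespaces=NS)
        names = [name_id.strip()] if name_id else []
    # A UserName attribute that is present but unmapped does NOT fall back
    # to NameID; the two sources are alternatives, not a search order.
    user = names[0] if names and names[0] in mapped_users else None
    groups = attribute_values(assertion, "Groups") or []  # absent: no groups
    return user, [g for g in groups if g in mapped_groups]


if __name__ == "__main__":
    print(evaluate(SAMPLE_ASSERTION, {"User-1", "User-3"}, {"Engineering"}))
```

In the sample, `NameID` names a different mapped user than `UserName` does, which makes the precedence of the `UserName` attribute visible in the result.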
Prerequisites
- Verify that you are logged in to the vCloud API as an organization administrator or system administrator.
- Verify that your organization has defined a SAML identity provider in its OrgFederationSettings.
Procedure
1. Create a User or Group element that identifies a user or group defined by your organization's SAML provider.
2. Include the following line in the User or Group element.
   <ProviderType>SAML</ProviderType>
3. POST the element to the organization's users or groups URL.
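The three steps above as an added example (not taken from this guide) that builds the request without sending it. The function name `build_saml_import` is hypothetical, `ORG-ID` is a placeholder, and the XML namespace, the group media type and the Role child are assumptions modelled on the Group representation shown earlier on this page.

```python
import xml.etree.ElementTree as ET

VCLOUD_NS = "http://www.vmware.com/vcloud/v1.5"  # assumed vCloud API namespace


def build_saml_import(post_url, kind, name, role_href):
    """Return (url, headers, body) for steps 1-3; nothing is sent.

    kind is "User" or "Group"; name must equal the value the identity
    provider sends, because the login-time match is by name.
    """
    if kind not in ("User", "Group"):
        raise ValueError("kind must be 'User' or 'Group'")
    if not name or name != name.strip():
        # Assumption: matching is exact, so a padded name never matches.
        raise ValueError("name is empty or has surrounding whitespace")
    media_type = f"application/vnd.vmware.admin.{kind.lower()}+xml"
    ET.register_namespace("", VCLOUD_NS)
    elem = ET.Element(f"{{{VCLOUD_NS}}}{kind}",
                      {"name": name, "type": media_type})
    # Step 2: mark the entry as SAML-backed.
    ET.SubElement(elem, f"{{{VCLOUD_NS}}}ProviderType").text = "SAML"
    # Organization role that the mapped user or group receives.
    ET.SubElement(elem, f"{{{VCLOUD_NS}}}Role", {"href": role_href})
    # ElementTree escapes the name, so IdP-supplied strings cannot inject XML.
    body = ET.tostring(elem, encoding="unicode")
    return post_url, {"Content-Type": media_type}, body


if __name__ == "__main__":
    # ORG-ID is a placeholder; the role href is the one shown on this page.
    url, headers, body = build_saml_import(
        "https://vcloud.example.com/api/admin/org/ORG-ID/users", "User",
        "User-1", "https://vcloud.example.com/api/admin/role/102")
    print("POST", url, headers, body, sep="\n")
```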
Chapter 6 Creating and Managing Organizations
VMware, Inc. 225