5.5
Table Of Contents
- vCloud API Programming Guide
- Contents
- vCloud API Programming Guide
- About the VMware vCloud API
- Hello vCloud: A Simplified RESTful Workflow
- Exploring a Cloud
- Summary of vCloud API Browsing Requests
- Retrieve the Login URL and List of Supported API Versions
- Create a Login Session Using the Integrated Identity Provider
- Retrieve a List of Organizations Accessible to You
- Retrieve an Administrative View of a Cloud
- Retrieve a List of vSphere Platform Operations and Objects for a Cloud
- Provisioning an Organization
- Summary of vCloud API Provisioning Requests
- Upload an OVF Package to Create a vApp Template
- Download a vApp or vApp Template as OVF
- Upload a Media Image
- Download a Media Image
- Capturing and Importing vApps
- Managing Catalog Items
- Creating and Using Independent Disks
- View or Change the Owner of an Object
- Controlling Access to vApps and Catalogs
- Deploying and Operating vApps
- Summary of vCloud API vApp and Virtual Machine Operations Requests
- Create a vApp From a Template
- Create a vApp From an OVF Package
- Compose a vApp From Existing Virtual Machines
- Recompose a vApp to Add or Remove Virtual Machines
- Clone a vApp
- Capture a vApp as a Template
- Update vApp Access Controls
- Provide User Input Requested by a Virtual Machine
- Attach or Detach an Independent Disk
- Creating and Using vApp Snapshots
- Operate a vApp
- Configuring vApps and Virtual Machines
- Retrieve the Configuration Links for a vApp
- Retrieve the Configuration Links for a Virtual Machine
- Update Multiple Sections of a Virtual Machine
- Retrieve or Update a Modifiable Section
- Update a vApp Network Configuration
- Update the NetworkConnectionSection of a Virtual Machine
- Retrieve or Modify the CPU Configuration of a Virtual Machine
- Retrieve or Modify the GuestCustomizationSection of a Virtual Machine
- Retrieve or Modify ProductSection Elements
- Retrieve or Modify Groups of Related Sections in a Virtual Machine
- Retrieve or Modify the Hard Disk Configuration of a Virtual Machine
- Update the Storage Profile for a Virtual Machine
- Creating and Managing Organizations
- Summary of Administrative Requests
- Administrator Credentials and Privileges
- Organization Administration
- VDC Administration
- Network Administration
- Catalog Administration
- User and Group Administration
- Working With Roles and Rights
- Managing and Monitoring a Cloud
- Summary of System Administration Requests
- Retrieve or Update System Settings
- Attach a vCenter Server
- Finding Available vCenter Resources
- Create a Provider VDC
- Create an External Network
- Create a Network Pool
- Import a Virtual Machine from vCenter
- Relocate a Virtual Machine to a Different Datastore
- Truststore and Keytab Maintenance
- Retrieve the vSphere URL of an Object
- Working With Object Metadata
- Using the Query Service
- Configuring and Using Blocking Tasks and Notifications
- vCloud Director Extension Services
- XML Representations in the vCloud API
- Index
Prerequisites
NOTE This procedure assumes that you are logging in with credentials managed by a SAML identity
provider. Users whose credentials are managed by the vCloud Director integrated identity provider must
follow a different login workflow.
n
Verify that you know the login URL. See “Retrieve the Login URL and List of Supported API Versions,”
on page 43
n
Verify that you are logging in as a user whose identity is managed by the SAML identity provider
defined by your organization.
Procedure
1 Acquire the SAML assertion from your identity provider.
The system administrator must use the vSphere SSO Service as the identity provider.
2 Compress the assertion using GZIP.
3 Encode the compressed assertion a MIME Base64 encoding, as specified in RFC 1421.
4 Use the login URL to authenticate to the cloud.
POST a request to this URL. The request must include an Authorization header that specifies SIGN as
the authorization method and has the following attributes:
Table 3‑2. Authorization Header Attributes and Values
Attribute Name Attribute Value
token
The compressed, encoded identity assertion from your
SAML identity provider.
signature Base64 encoded signature of the token XML (the
uncompressed identity assertion from your SAML
identity provider) generated using client's private key.
Required when using holder-of-key subject
confirmation.
signature_alg The algorithm used to generate the signature,
expressed as one of the values listed in
http://docs.oracle.com/javase/7/docs/technotes/guides/se
curity/StandardNames.html#Signature Required if
signature is present.
org
The name of your vCloud Director organization.
Defaults to org="system" if not specified.
See “Example: Create a Login Session Using a SAML Identity Provider,” on page 48.
5 Examine the response.
The response code indicates whether the request succeeded, or how it failed.
n
If the authentication header is missing, the server returns HTTP response code 403.
n
If the credentials supplied in the authentication header are invalid, the server returns HTTP
response code 401.
n
If the request is successful, the server returns HTTP response code 200 (OK) and headers that
include an authorization header of the form:
x-vcloud-authorization: token
This header must be included in each subsequent vCloud API request.
The Session element returned from a successful login contains one or more URLs from which you can
begin browsing.
Chapter 3 Exploring a Cloud
VMware, Inc. 47