7.1
Developing a Web Services Client for VMware vRealize Orchestrator
Accessing Objects in Third-Party Systems
To perform operations in third-party systems that are registered with the vCenter Single Sign-On Server
through the Orchestrator REST API, you must authenticate against Orchestrator and the third-party system.
You include two headers in the HTTP calls that you make through the Orchestrator REST API.
- Authorization. You must pass your principal holder-of-key token in this header.
- VCOAuthorization. You must pass a delegate holder-of-key token for Orchestrator in this header. You
must acquire the delegate token for Orchestrator from the vCenter Single Sign-On Server. Orchestrator
uses the delegate token to authenticate against the third-party system on your behalf.
For example, to run a workflow that uses a virtual machine through the Orchestrator REST API, you access
resources both in Orchestrator and in vCenter Server. To authenticate against Orchestrator and
vCenter Server, you must pass your principal holder-of-key token in the Authorization header of the
request that you make, and the delegate token in the VCOAuthorization header. In this way, you authenticate
against Orchestrator with your principal token and Orchestrator authenticates on your behalf against
vCenter Server with the delegate token.
The vCenter Single Sign-On Server treats Orchestrator as a solution, and every solution is registered with a
unique user name with the vCenter Single Sign-On Server. You request a delegate token for Orchestrator by
passing the solution user name of Orchestrator and a principal holder-of-key token to the vCenter Single
Sign-On Server. The token that the vCenter Single Sign-On Server issues is a delegate holder-of-key token
for Orchestrator to authenticate on your behalf against third-party systems.
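The two-header request described above, as an added example that is not part of the original guide or the Orchestrator SDK. It uses only the JDK HTTP client (Java 11 or later) and builds the request without sending it. The class name, the /workflows/.../executions path, the request body and the token placeholders are assumptions; the token strings are assumed to be already in the form the server expects, which this page does not specify.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.time.Duration;

public final class DualTokenRequest {
    // Header names as given in the text above.
    static final String PRINCIPAL_HEADER = "Authorization";
    static final String DELEGATE_HEADER = "VCOAuthorization";
    /** Builds a POST that carries both tokens, or throws if the call would be unsafe. */
    static HttpRequest build(URI endpoint, String principal, String delegate, String json) {
        // Tokens are credentials: refuse to put them on a cleartext connection.
        if (!"https".equalsIgnoreCase(endpoint.getScheme())) {
            throw new IllegalArgumentException("tokens may only be sent over https");
        }
        check(PRINCIPAL_HEADER, principal);
        check(DELEGATE_HEADER, delegate);
        // The two headers carry different tokens; identical values mean a wiring mistake.
        if (principal.equals(delegate)) {
            throw new IllegalArgumentException("principal and delegate tokens must differ");
        }
        return HttpRequest.newBuilder(endpoint)
                .timeout(Duration.ofSeconds(30))
                .header(PRINCIPAL_HEADER, principal)
                .header(DELEGATE_HEADER, delegate)
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(json))
                .build();
    }

    private static void check(String header, String token) {
        if (token == null || token.isBlank()) {
            throw new IllegalArgumentException(header + " token is missing");
        }
        // Reject line breaks so a malformed token cannot inject extra headers.
        if (token.indexOf('\r') >= 0 || token.indexOf('\n') >= 0) {
            throw new IllegalArgumentException(header + " token contains a line break");
        }
    }

    public static void main(String[] args) {
        // Base URL is the one used on this page; path and workflow ID are assumed placeholders.
        URI endpoint = URI.create(
                "https://orchestrator-server:8281/vco/api/workflows/WORKFLOW-ID-PLACEHOLDER/executions");
        HttpRequest request = build(endpoint, "PRINCIPAL-HOK-TOKEN-PLACEHOLDER",
                "DELEGATE-HOK-TOKEN-PLACEHOLDER", "{\"parameters\":[]}");
        // Log the method, URI and header names only, never the token values.
        System.out.println(request.method() + " " + request.uri() + " " + request.headers().map().keySet());
    }
}
```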
Example: Obtain a Session in vCenter Single Sign-On Mode
The following example code obtains a session in vCenter Single Sign-On mode.
URI uri = URI.create("https://orchestrator-server:8281/vco/api");
VcoSessionFactory sessionFactory = new DefaultVcoSessionFactory(uri);
// provide the address of the vCenter Single Sign-On server
URI ssoUri = URI.create("https://sso-server:7444/ims/STSService?wsdl");
// set the tokens to be valid for an hour
long lifeTimeSeconds = 60 * 60;
// create a factory for vCenter Single Sign-On tokens
SsoAuthenticator sso = new SsoAuthenticator(ssoUri, sessionFactory, lifeTimeSeconds);
// provide vCenter Single Sign-On credentials; "username" and "password" are
// placeholders, so load real values from a secure store rather than source code
SsoAuthentication authentication = sso.createSsoAuthentication("username", "password");
VcoSession session = sessionFactory.newSession(authentication);
// use session here
Get the Solution User Name of Orchestrator
The vCenter Single Sign-On Server treats Orchestrator as a solution, and every solution is registered with a
unique user name with the vCenter Single Sign-On Server. To be able to request a delegate holder-of-key
token for Orchestrator from the vCenter Single Sign-On Server, you need the solution user name of
Orchestrator.
Prerequisites
Verify that you have a valid principal holder-of-key token that the vCenter Single Sign-On Server issued.
Chapter 3 Using the vRealize Orchestrator REST API
VMware, Inc.