A guest alias defines an association between a guest user account on a virtual machine and an external vSphere user account. The vSphere account is represented by credentials consisting of an X.509 certificate and a subject name. The certificate and subject name are encoded in SAML tokens that are provided by the VMware SSO Server. The SAML tokens are attached to guest operation requests. If the credentials in a SAML token match an alias that is defined for a virtual machine, the ESXi Server guest components grant access for execution of the guest operation in the context of the user account on the virtual machine.
To create a guest alias, use the AddGuestAlias method. AddGuestAlias establishes the association between a guest user account, certificate, and SAML token subject.
If there are no aliases defined for a virtual machine, the ESXi Server will perform standard authentication using the credentials associated with a guest operation request. If one or more aliases are defined for a virtual machine, any guest operation request that uses SAML token authentication (SAMLTokenAuthentication) must specify a token that corresponds to one of the defined aliases.
After defining one or more guest aliases, you can specify SAMLTokenAuthentication for the auth parameter to guest operation methods:
For information about obtaining a SAML token from a VMware SSO Server, see VMware Single Sign-On Programming Guide.
You can define multiple aliases for a guest account. You can also map the credentials to an alias by setting mapCert to "true" in the call to the AddGuestAlias method. When an alias has a mapped credential, requests using that alias do not need to identify the guest account.
Properties
Name | Type | Description |
---|---|---|
None |
Methods
Methods defined in this Managed Object |
---|
AddGuestAlias, ListGuestAliases, ListGuestMappedAliases, RemoveGuestAlias, RemoveGuestAliasByCert |
AddGuestAlias
Adds the given VMware SSO Server's certificate and a subject to the alias store of the specified user in the guest.
In order to add an alias to the guest, you must supply an existing valid credential. This can be any instance of GuestAuthentication, but must be valid for the specified guest username.
Parameters
Name | Type | Description |
---|---|---|
_this | ManagedObjectReference | A reference to the GuestAliasManager used to make the method call. |
vm | ManagedObjectReference to a VirtualMachine | Virtual machine to perform the operation on. |
auth | GuestAuthentication | The guest authentication data for this operation. See GuestAuthentication. These credentials must satisfy authentication requirements for a guest account on the specified virtual machine. |
username | xsd:string | Username for the guest account on the virtual machine. |
mapCert | xsd:boolean | Indicates whether the certificate associated with the alias should be mapped. If an alias certificate is mapped, guest operation requests that use that alias do not have to specify the guest account username in the SAMLTokenAuthentication object. If mapCert is false, the request must specify the username. |
base64Cert | xsd:string | X.509 certificate from the VMware SSO Server, in base64 encoded DER format. The ESXi Server uses this certificate to authenticate guest operation requests. |
aliasInfo | GuestAuthAliasInfo | Specifies the subject name for authentication. The subject name (when present) corresponds to the value of the Subject element in SAML tokens. The ESXi Server uses the subject name to authenticate guest operation requests. |
Return Value
Type | Description |
---|---|
None |
Faults
Type | Description |
---|---|
GuestComponentsOutOfDate | Thrown if the guest agent is too old to support the operation. |
GuestMultipleMappings | Thrown if the operation fails because mapCert is set and the certificate already exists in the mapping file for a different user. |
GuestOperationsFault | Thrown if there is an error processing a guest operation. |
GuestOperationsUnavailable | Thrown if the VM agent for guest operations is not running. |
GuestPermissionDenied | Thrown if there are insufficient permissions in the guest OS. |
InvalidArgument | Thrown if the operation fails because the certificate is invalid. |
InvalidGuestLogin | Thrown if the guest authentication information was not accepted. |
InvalidPowerState | Thrown if the VM is not powered on. |
InvalidState | Thrown if the operation cannot be performed because of the virtual machine's current state. |
OperationDisabledByGuest | Thrown if the operation is not enabled due to guest agent configuration. |
OperationNotSupportedByGuest | Thrown if the operation is not supported by the guest OS. |
RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |
TaskInProgress | Thrown if the virtual machine is busy. |
Events
Type | |
---|---|
None |
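The interaction between mapCert, the username parameter and the GuestMultipleMappings fault can be traced with a small in-memory model. This is an added example, not VMware code and not part of the original reference: the class, method and function names are hypothetical, the certificate string and subject names are constructed placeholders, and the model assumes that a mapped alias is looked up by certificate and then checked against the token subject.

```python
# Added model of the alias rules on this page; names are hypothetical, not VMware code.
class GuestMultipleMappings(Exception):
    """mapCert was set but the certificate is already mapped to another user."""

class AliasStoreModel:
    def __init__(self):
        self.aliases = {}  # guest username -> {(base64_cert, subject), ...}
        self.mapped = {}   # base64_cert -> (guest username, {subject, ...})

    def add_guest_alias(self, username, map_cert, base64_cert, subject):
        if map_cert:
            owner = self.mapped.get(base64_cert, (username, None))[0]
            if owner != username:
                # Fault documented for AddGuestAlias; nothing is stored.
                raise GuestMultipleMappings(base64_cert)
            self.mapped.setdefault(base64_cert, (username, set()))[1].add(subject)
        self.aliases.setdefault(username, set()).add((base64_cert, subject))

    def resolve(self, token_cert, token_subject, username=None):
        """Return the guest account a SAML-token request would run as, or None."""
        if username is None:
            # Without a username, only a mapped alias can select the account.
            entry = self.mapped.get(token_cert)
            if entry is None or token_subject not in entry[1]:
                return None
            username = entry[0]
        if (token_cert, token_subject) in self.aliases.get(username, set()):
            return username
        return None

def build_sample_store():
    cert = "Q09OU1RSVUNURUQ="  # constructed placeholder, not a real certificate
    store = AliasStoreModel()
    store.add_guest_alias("svc_backup", False, cert, "backup@example.test")
    store.add_guest_alias("root", True, cert, "ops@example.test")
    return store, cert

if __name__ == "__main__":
    store, cert = build_sample_store()
    print(store.resolve(cert, "backup@example.test"))                # unmapped, no username
    print(store.resolve(cert, "backup@example.test", "svc_backup"))  # username supplied
    print(store.resolve(cert, "ops@example.test"))                   # mapped alias
```

Because a mapped alias lets the token alone select the guest account, the output of ListGuestMappedAliases is the natural place to review which certificates carry that ability.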
ListGuestAliases
Parameters
Name | Type | Description |
---|---|---|
_this | ManagedObjectReference | A reference to the GuestAliasManager used to make the method call. |
vm | ManagedObjectReference to a VirtualMachine | Virtual machine to perform the operation on. |
auth | GuestAuthentication | The guest authentication data for this operation. See GuestAuthentication. These credentials must satisfy authentication requirements for a guest account on the specified virtual machine. |
username | xsd:string | The guest user whose alias store is being queried. |
Return Value
Type | Description |
---|---|
GuestAliases[] |
Faults
Type | Description |
---|---|
GuestComponentsOutOfDate | Thrown if the guest agent is too old to support the operation. |
GuestOperationsFault | Thrown if there is an error processing a guest operation. |
GuestOperationsUnavailable | Thrown if the agent for guest operations is not running. |
GuestPermissionDenied | Thrown if there are insufficient permissions in the guest OS. |
InvalidGuestLogin | Thrown if the guest authentication information was not accepted. |
InvalidPowerState | Thrown if the VM is not powered on. |
InvalidState | Thrown if the operation cannot be performed because of the virtual machine's current state. |
OperationDisabledByGuest | Thrown if the operation is not enabled due to guest agent configuration. |
OperationNotSupportedByGuest | Thrown if the operation is not supported by the guest OS. |
RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |
TaskInProgress | Thrown if the virtual machine is busy. |
Events
Type | |
---|---|
None |
ListGuestMappedAliases
Parameters
Name | Type | Description |
---|---|---|
_this | ManagedObjectReference | A reference to the GuestAliasManager used to make the method call. |
vm | ManagedObjectReference to a VirtualMachine | Virtual machine to perform the operation on. |
auth | GuestAuthentication | The guest authentication data for this operation. See GuestAuthentication. These credentials must satisfy authentication requirements for a guest account on the specified virtual machine. |
Return Value
Type | Description |
---|---|
GuestMappedAliases[] |
Faults
Type | Description |
---|---|
GuestComponentsOutOfDate | Thrown if the guest agent is too old to support the operation. |
GuestOperationsFault | Thrown if there is an error processing a guest operation. |
GuestOperationsUnavailable | Thrown if the VM agent for guest operations is not running. |
GuestPermissionDenied | Thrown if there are insufficient permissions in the guest OS. |
InvalidGuestLogin | Thrown if the guest authentication information was not accepted. |
InvalidPowerState | Thrown if the VM is not powered on. |
InvalidState | Thrown if the operation cannot be performed because of the virtual machine's current state. |
OperationDisabledByGuest | Thrown if the operation is not enabled due to guest agent configuration. |
OperationNotSupportedByGuest | Thrown if the operation is not supported by the guest OS. |
RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |
TaskInProgress | Thrown if the virtual machine is busy. |
Events
Type | |
---|---|
None |
RemoveGuestAlias
Parameters
Name | Type | Description |
---|---|---|
_this | ManagedObjectReference | A reference to the GuestAliasManager used to make the method call. |
vm | ManagedObjectReference to a VirtualMachine | Virtual machine to perform the operation on. |
auth | GuestAuthentication | The guest authentication data for this operation. See GuestAuthentication. These credentials must satisfy authentication requirements for a guest account on the specified virtual machine. |
username | xsd:string | Username for the guest account on the virtual machine. |
base64Cert | xsd:string | The X.509 certificate associated with the alias to be removed, in base64 encoded DER format. |
subject | GuestAuthSubject | The subject of the alias. |
Return Value
Type | Description |
---|---|
None |
Faults
Type | Description |
---|---|
GuestComponentsOutOfDate | Thrown if the guest agent is too old to support the operation. |
GuestOperationsFault | Thrown if there is an error processing a guest operation. |
GuestOperationsUnavailable | Thrown if the VM agent for guest operations is not running. |
GuestPermissionDenied | Thrown if there are insufficient permissions in the guest OS. |
InvalidArgument | Thrown if the operation fails because the certificate is invalid. |
InvalidGuestLogin | Thrown if the guest authentication information was not accepted. |
InvalidPowerState | Thrown if the VM is not powered on. |
InvalidState | Thrown if the operation cannot be performed because of the virtual machine's current state. |
OperationDisabledByGuest | Thrown if the operation is not enabled due to guest agent configuration. |
OperationNotSupportedByGuest | Thrown if the operation is not supported by the guest OS. |
RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |
TaskInProgress | Thrown if the virtual machine is busy. |
Events
Type | |
---|---|
None |
RemoveGuestAliasByCert
Parameters
Name | Type | Description |
---|---|---|
_this | ManagedObjectReference | A reference to the GuestAliasManager used to make the method call. |
vm | ManagedObjectReference to a VirtualMachine | Virtual machine to perform the operation on. |
auth | GuestAuthentication | The guest authentication data for this operation. See GuestAuthentication. These credentials must satisfy authentication requirements for a guest account on the specified virtual machine. |
username | xsd:string | Username for the guest account on the virtual machine. |
base64Cert | xsd:string | The X.509 certificate to be removed, in base64 encoded DER format. |
Return Value
Type | Description |
---|---|
None |
Faults
Type | Description |
---|---|
GuestComponentsOutOfDate | Thrown if the guest agent is too old to support the operation. |
GuestOperationsFault | Thrown if there is an error processing a guest operation. |
GuestOperationsUnavailable | Thrown if the VM agent for guest operations is not running. |
GuestPermissionDenied | Thrown if there are insufficient permissions in the guest OS. |
InvalidArgument | Thrown if the operation fails because the certificate is invalid. |
InvalidGuestLogin | Thrown if the guest authentication information was not accepted. |
InvalidPowerState | Thrown if the VM is not powered on. |
InvalidState | Thrown if the operation cannot be performed because of the virtual machine's current state. |
OperationDisabledByGuest | Thrown if the operation is not enabled due to guest agent configuration. |
OperationNotSupportedByGuest | Thrown if the operation is not supported by the guest OS. |
RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. |
TaskInProgress | Thrown if the virtual machine is busy. |
Events
Type | |
---|---|
None |