How Do I Establish a Trust Relationship Between VMware Cloud services and VMware Cloud Director service
For users to be able to create VMware Cloud Director instances, an organization owner must first establish a trust relationship between VMware Cloud Director service and the VMware Cloud organization.
When you create a VMware Cloud Director instance, VMware Cloud Director service creates an OAuth app for this instance in the VMware Cloud organization and configures the VMware Cloud Director instance to point to this OAuth app. As a result, VMware Cloud services becomes the identity provider for the VMware Cloud Director instance.
Because only a VMware Cloud organization owner can create OAuth apps in VMware Cloud, when a user without this set of rights attempts to create a VMware Cloud Director instance, SSO cannot be configured for that instance.
When a VMware Cloud organization owner establishes a trust relationship between VMware Cloud Director service and the VMware Cloud organization, VMware Cloud Director service acquires the right to create OAuth apps on behalf of all users in the VMware Cloud organization.
As a result, all users can create a VMware Cloud Director instance that uses VMware Cloud services as its identity provider.
Prerequisites
Verify that you are a VMware Cloud organization owner.
Procedure
- Run a POST request.
POST https://operatorUrl/organizations/organization-Urn/configuration/cspCredentials
Here operatorUrl is the operator URL, for example vcdc-operator-prod-us-west-2.vdp.vmware.com.
Example: Create an OAuth App That Is Associated with Your Organization
This example creates an OAuth app that is associated with your VMware Cloud organization.
POST https://vcdc-operator-prod-us-west-2.vdp.vmware.com/organizations/urn:vcdc:organization:12345678-1234-1234-1234-123456789abc/configuration/cspCredentials
Authorization header of the request.
Authorization: Bearer eyJh…I1NiIs
{ "appId": "aa1A1aaAaAa1AaA1Aa1aAaaaaAaaaAAAaaA", "appSecret": "******" }
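The request from the procedure above, built with input checks so the bearer token is only ever sent to the intended operator endpoint. This is an added example, not VMware's own code. The function names, the environment variable names, and the URN pattern (inferred from the example URN on this page) are assumptions, and because the page does not state whether the call takes a request body, the body is optional and empty by default.

```python
import json
import os
import re
import urllib.request

# URN shape inferred from the example on this page; the exact grammar is an assumption.
ORG_URN_RE = re.compile(
    r"urn:vcdc:organization:[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Bare DNS name only: no scheme, port, path or userinfo may ride in on the host
# argument, so the token cannot be redirected to an unintended URL.
HOST_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}")


def build_trust_request(operator_host, org_urn, bearer_token, body=None):
    """Build (but do not send) the cspCredentials POST described above."""
    host = operator_host.lower()
    if not HOST_RE.fullmatch(host):
        raise ValueError("operator host must be a bare DNS name")
    if not ORG_URN_RE.fullmatch(org_urn):
        raise ValueError("organization URN is not in the expected format")
    if not bearer_token or any(c.isspace() for c in bearer_token):
        raise ValueError("bearer token is empty or contains whitespace")
    url = f"https://{host}/organizations/{org_urn}/configuration/cspCredentials"
    # Assumption: no request body unless the caller supplies one.
    data = json.dumps(body).encode() if body is not None else b""
    req = urllib.request.Request(url, data=data, method="POST")
    req.add_header("Authorization", f"Bearer {bearer_token}")
    if body is not None:
        req.add_header("Content-Type", "application/json")
    return req


def redact(payload):
    """Return a copy of a JSON object that is safe to log (appSecret masked)."""
    return {k: ("******" if k == "appSecret" else v) for k, v in payload.items()}


def main():
    # The token is read from the environment rather than argv so it stays out of
    # shell history and process listings. Variable names are hypothetical.
    req = build_trust_request(os.environ["VCD_OPERATOR_HOST"],
                              os.environ["VCD_ORG_URN"],
                              os.environ["CSP_ACCESS_TOKEN"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(resp.status, redact(json.loads(resp.read() or b"{}")))


if __name__ == "__main__":
    main()
```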