WilliamLam.com

Quick Tip - Retrieving vCenter Identity Federation Secret Token Expiry

by // Leave a Comment

As part of setting up vCenter Server or VMware Cloud Foundation (VCF) Identity Federation, if your identity provider supports the SCIM (System for Cross-domain Identity Management) protocol, you must generate a token from vCenter Server. This token enables the identity provider to automatically publish users to the vCenter Server Identity Broker (vIDB), so that you can look up users from your identity provider for vSphere Role assignment.


The token that is generated by vCenter Server is known as a JWT (JSON Web Token) and once you have copied it, you can no longer retrieve the value, which is by design. In the vSphere UI, it does provide the expiry of the last JWT token that was generated and I was recently asked on how to retrieve this value?

[Read more...]

vCenter Server Identity Federation with Zitadel

by // Leave a Comment

Not sure when it happened, but I have been binging self-hosted identity providers like Netflix shows, this season features AuthentikKeyCloak, Synology SSO and Pocket ID.

To add to my collection, I was recently asked whether Zitadel could also work as an identity provider with vCenter Server and/or VMware Cloud Foundation (VCF)?


As you can see from the screenshot above, you have your answer 😁

[Read more...]

Quick Tip - Listing vSphere Global Permissions using PowerShell

by // 10 Comments

Parsing complex HTML is definitely challenging, even with PowerShell. I had hoped to use the free tier of ChatGPT and their latest 4o model to help build a PowerShell function for HTML parsing, but I kept running into system limits and the AI often misunderstood what I was asking for.

I finally gave in and purchased the $20 subscription so that I could expand on my 2017 blog post about automating vSphere Global Permissions and add support for listing global permissions, which came at a request from a recent user.

It turns out calling the private vSphere Global Permissions API via the vSphere MOB to show all current vSphere Global Permissions is extremely difficult due to the complex HTML that is rendered by the vSphere MOB. In fact, it took 25 iterations before I finally arrived at the solution using ChatGPT's 4o model. In several of the iterations, it ended up going backwards in progress, so that was pretty annoying!

Not sure if this is the new fancy "vibe coding" trend that I had experienced ... 😅

[Read more...]