WilliamLam.com

Quick Tip - Retrieving vCenter Identity Federation Secret Token Expiry

by // Leave a Comment

As part of setting up vCenter Server or VMware Cloud Foundation (VCF) Identity Federation, if your identity provider supports the SCIM (System for Cross-domain Identity Management) protocol, you must generate a token from vCenter Server. This token enables the identity provider to automatically publish users to the vCenter Server Identity Broker (vIDB), so that you can look up users from your identity provider for vSphere Role assignment.


The token that is generated by vCenter Server is known as a JWT (JSON Web Token) and once you have copied it, you can no longer retrieve the value, which is by design. In the vSphere UI, it does provide the expiry of the last JWT token that was generated and I was recently asked on how to retrieve this value?

[Read more...]

vCenter Server Identity Federation with Zitadel

by // Leave a Comment

Not sure when it happened, but I have been binging self-hosted identity providers like Netflix shows, this season features AuthentikKeyCloak, Synology SSO and Pocket ID.

To add to my collection, I was recently asked whether Zitadel could also work as an identity provider with vCenter Server and/or VMware Cloud Foundation (VCF)?


As you can see from the screenshot above, you have your answer 😁

[Read more...]

vCenter Server Identity Federation with Pocket ID

by // Leave a Comment

Having explored various OIDC identity providers, including Authentik, KeyCloak and Synology SSO, I recently came across Pocket ID, a super basic OIDC provider. Instead of using traditional username and passwords, Pocket ID only supports passkeys authentication based on the WebAuthn standard, which means you can login to your vCenter Server or VMware Cloud Foundation (VCF) environment using a physical device like a Yubico YubiKey or Apple Face ID.


Disclaimer: Pocket ID is not an officially supported vCenter Server IdP, please use at your own risk.

[Read more...]