WilliamLam.com

vCenter Server Identity Federation with Kanidm

by // 1 Comment

Looks like I will be expanding my collection of identity providers (AuthentikKeyCloakSynology SSO, Pocket ID and Zitadel) that can be used with vCenter Server and/or VMware Cloud Foundation (VCF) Identity Federation!

Fellow colleague, Eric Gray just made me aware of another self-hosted IdP called Kanidm, which he had success setting up and thought I might be interested.


Kanidm is another basic free IdP that allows users to easily setup to play with vCenter Server and/or VCF Identity Federation, but what makes this IdP unique is that it is completely managed using a CLI, there is no web interface like ones listed above.

Additionally, Kanidm supports both traditional username/password authentication and modern passkeys. If you decide to use traditional passwords, Kanidm does require setting up Time-based One-Time Passwords (TOTP) using something like Google Authenticator and provides another factor of authentication, which is pretty neat!

[Read more...]

Quick Tip - Retrieving vCenter Identity Federation Secret Token Expiry

by // Leave a Comment

As part of setting up vCenter Server or VMware Cloud Foundation (VCF) Identity Federation, if your identity provider supports the SCIM (System for Cross-domain Identity Management) protocol, you must generate a token from vCenter Server. This token enables the identity provider to automatically publish users to the vCenter Server Identity Broker (vIDB), so that you can look up users from your identity provider for vSphere Role assignment.


The token that is generated by vCenter Server is known as a JWT (JSON Web Token) and once you have copied it, you can no longer retrieve the value, which is by design. In the vSphere UI, it does provide the expiry of the last JWT token that was generated and I was recently asked on how to retrieve this value?

[Read more...]

vCenter Server Identity Federation with Zitadel

by // Leave a Comment

Not sure when it happened, but I have been binging self-hosted identity providers like Netflix shows, this season features AuthentikKeyCloak, Synology SSO and Pocket ID.

To add to my collection, I was recently asked whether Zitadel could also work as an identity provider with vCenter Server and/or VMware Cloud Foundation (VCF)?


As you can see from the screenshot above, you have your answer 😁

[Read more...]