VMware 5.1 ships with a new module to handle single sign-on authorization in vCenter installations. There are three deploy modes of this module, and two of them do not allow authentication with local SO user database, which is how we usually manage logins with Abiquo.
Multisite/HA SSO deploy mode authentications must be done against local-domain VMware database, LDAP or Active Directory.
Abiquo supports authentication:
- with a user account belonging to the local domain database.
- SSO configured with LDAP or AD
Configure SSO in vCenter
It is not possible to add SSO from a vSphere client, so you will have to log in from the vSphere web client, https://<vcenter_ip>:9443/vsphere-client.
- Ensure that chosen username is not locked. vCenter will lock any username with consecutive failed login attempts. Abiquo may have locked the user if it was not properly configured with consecutive logon attempts.
- If required add a new user for Abiquo. On the Administration menu / SSO Users and Groups use the form to add accounts to the system-domain under the Users tab.
- On the vCenter side, you will have to add permissions to the created user on each ESXi host you are going to manage with Abiquo. On vCenter Menu / Hosts and Clusters menu.
In the abiquo.properties file, specify your username in the format "username@domain" in lowercase, for example:
abiquo.dvs.vcenter.user = vdc@system-domain
Please note the format of the username, it must be username@domain. Username in domain\username format is not allowed