VMware Cloud Director has a brand new function added in 10.4.1 launch which gives flexibility to vary Id Suppliers as per your selection and comfort, with out shedding the assets assigned to the customers. VMware Cloud Director helps Light-weight Listing Entry Protocol (LDAP), Safety Assertion Markup Language (SAML) and OpenId Join (OIDC) protocols for authentication. You possibly can swap between these protocols or migrate to a distinct identification supplier with ease by remapping present customers to their identification in one other Id Supplier. This weblog demonstrates the way to use the consumer administration API to perform this.
Moreover, VMware Cloud Director has introduced the deprecation of help for native customers beginning with 10.4.1 launch (launch notes). VMware Cloud Director’s industry-compliant integrations with exterior Id Suppliers provides advantages of most fashionable and safe authentication schemes to its clients. Clients can avail all of the options reminiscent of Two Issue Authentication/Multi Issue Authentication, biometric integrations, sensible card integrations, and so on. with VMware Cloud Director. It additionally aids clients staying updated with all future developments in authentication applied sciences.
Following is an instance to remap supplier (native) consumer to a SAML identification supplier federation. As of VMware Cloud Director 10.4.1, remapping a consumer is accessible solely as an API function. Thus, for all subsequent steps use an API shopper of your selection. In my examples beneath, I’m utilizing Postman to carry out remapping.
Pre-requisite: Be certain the Id Supplier federation to which you wish to remap consumer to is precisely configured.
- Login to VMware Cloud Director as an administrator (tenant or system administrator) and determine the consumer you wish to remap. Right here, the consumer I’m remapping is ‘demouser’. This consumer is a neighborhood consumer.
- Login utilizing the API because the administrator; both utilizing their credentials (native or LDAP), IDP issued tokens (SAML or OAuth) or VMware Cloud Director’s API Token.
API: POST “https”//{api_host}/cloudapi/1.0.0/classes”
- Retrieve the urn id of ‘demouser’ from question customers API.
API: GET “https://{api_host}/cloudapi/1.0.0/customers”
Now, utilizing this urn id, fetch full data of the consumer. Confer with Get Person for extra perception on this API.
API: GET “https://{api_host}/cloudapi/1.0.0/customers/urn:vcloud:consumer:bafe9a31-1810-4108-8754-3ece52a4e963”
- Copy full data of the consumer from earlier step and edit following properties to be used as physique of the following PUT request.
- Replace the ‘username’ to replicate the consumer’s username within the new Id Supplier. Whereas this instance reveals a definite username getting used, it’s potential to have less complicated updates like switching from username to electronic mail handle, and so on.
- Replace the ‘providerType’ based mostly on the kind of new Id Supplier. New values of ‘providerType’ could possibly be OIDC, SAML, LOCAL, LDAP.
Ship PUT request for the consumer to be remapped. Confer with replace consumer for extra perception on this API.
API: PUT “https://{api_host}/cloudapi/1.0.0/customers/urn:vcloud:consumer:bafe9a31-1810-4108-8754-3ece52a4e963”
The consumer ‘demouser’ has now been remapped to the tenant’s SAML identification supplier and their username has been remapped to ‘demouser@supplier.com’.
Customers might be remapped from one IDP federation to a different utilizing the identical course of. In case you are remapping a consumer to ‘LOCAL’ supplier kind, along with updating the supplier kind replace password within the physique of PUT request.
In subsequent a part of this weblog collection, we’ll remap a tenant consumer.
Take a look at the entire newest enhancements in VMware Cloud Director 10.4.
