I dont understand the need of ADFS here when the users have to enter their username and password anyway in comparison to their AD account login method. is there a way to setup the access and authorisation without users needing to enter their Admin account username and password?
How does ADFS affect authenticating to vCenter via PowerCLI? Does it continue to pass your AD creds through? Will you need to use local accounts? I want to use ADFS, but don't want to lose SSO via PowerCLI.
Check this out and see what you think: docs.vmware.com/en/VMware-Cloud-Foundation/5.1/com.vmware.vcf.vxrail.doc/GUID-ED8F3714-8A85-4D1F-B6BC-A1420213A479.html Similar instructions for Okta: docs.vmware.com/en/VMware-Cloud-Foundation/5.1/com.vmware.vcf.vxrail.doc/GUID-779756CD-3FC9-4436-A324-439B8C199515.html
Hello, this is a great video. Thank you for this! I've had an issue where you get a certificate error when attempting to configure adfs on vcenter (com.vmware Trust management.impl.invalidargumentexception server returned http response code 526) Documentation says you need to import the root CA certificate for adfs. Do you also need to import the vcenter root ca certs into adfs? I've also seen some forums where users have had to generate new machine ssl certs from a public or internal CA depending on which the organisation is using. Any info would be appreciated. Thanks
I'm lost at 5:30, I thought I had everything set up correctly but when I go to initiate ADFS, vCenter fails. I think its due to this step, but I'm having a hard time understanding what you are exactly doing in this "keystore" Can you explain this a little better or provide the documentation is states it calls for?
Hi Stylore! Check out this section of the docs: docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-63C74336-04DF-426A-9B80-BA078DF1E20F.html with the goal being to make sure the Java keystore knows about the trusted root cert from my lab's CA.
@@VMwareTAMLab I think I finally figured it out. My issue was the exporting of the Root CA. I was exporting as DER but the only way the cert would take is if it was exported as Base-64 encoded. Hope this helps someone else if they see this message, I spent almost a month trying to figure out that little caveat.
Thanks! You saved me at 14:22
I dont understand the need of ADFS here when the users have to enter their username and password anyway in comparison to their AD account login method.
is there a way to setup the access and authorisation without users needing to enter their Admin account username and password?
thanks for this guys!
How does ADFS affect authenticating to vCenter via PowerCLI? Does it continue to pass your AD creds through? Will you need to use local accounts? I want to use ADFS, but don't want to lose SSO via PowerCLI.
thanks! can i ask ? My sddc still can't use ADFS account . My vcenter can use it normally
Check this out and see what you think: docs.vmware.com/en/VMware-Cloud-Foundation/5.1/com.vmware.vcf.vxrail.doc/GUID-ED8F3714-8A85-4D1F-B6BC-A1420213A479.html
Similar instructions for Okta: docs.vmware.com/en/VMware-Cloud-Foundation/5.1/com.vmware.vcf.vxrail.doc/GUID-779756CD-3FC9-4436-A324-439B8C199515.html
If I configured adfs in vcenter, will it allow windows protected group member to login into vcenter?
Hello, this is a great video. Thank you for this! I've had an issue where you get a certificate error when attempting to configure adfs on vcenter (com.vmware
Trust management.impl.invalidargumentexception server returned http response code 526) Documentation says you need to import the root CA certificate for adfs. Do you also need to import the vcenter root ca certs into adfs? I've also seen some forums where users have had to generate new machine ssl certs from a public or internal CA depending on which the organisation is using. Any info would be appreciated. Thanks
could you solve the issue?
Can you post the lin for the ducumentaion you are refrencing?
I'm lost at 5:30, I thought I had everything set up correctly but when I go to initiate ADFS, vCenter fails. I think its due to this step, but I'm having a hard time understanding what you are exactly doing in this "keystore" Can you explain this a little better or provide the documentation is states it calls for?
Hi Stylore! Check out this section of the docs: docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-63C74336-04DF-426A-9B80-BA078DF1E20F.html with the goal being to make sure the Java keystore knows about the trusted root cert from my lab's CA.
@@VMwareTAMLab I think I finally figured it out. My issue was the exporting of the Root CA. I was exporting as DER but the only way the cert would take is if it was exported as Base-64 encoded. Hope this helps someone else if they see this message, I spent almost a month trying to figure out that little caveat.
@@stylore Bro you saved me months of investigation hahaha God bless you!
@@ninjarule glad to be of help, it was a real struggle when I was trying to figure it out :)
what's the keytool password?
solved is default one: changeit