Configure SSO on VMware NSX using the API

This is just a very short post about the problems I was facing while trying to configure SSO on NSX Manager using the API.

The NSX API documentation contains following:
POST https://<nsxmgr-ip>/api/2.0/services/ssoconfig

Request Body:

<ssoconfig>
<ssoLookupServiceUrl></ssoLookupServiceUrl>
<ssoAdminUsername></ssoAdminUsername>
<ssoAdminUserpassword></ssoAdminUserpassword>
</ssoConfig>

While testing with this call I always got a http error 403 back. However the credentials used to authenticate against NSX Manager API and the ssoAdminUsername with ssoAdminUserpassword were 100% correct.

Finally I was able to figure it out. You can change the Request Body slightly:

<ssoconfig>
<ssoLookupServiceUrl></ssoLookupServiceUrl>
<ssoAdminUsername></ssoAdminUsername>
<ssoAdminUserpassword></ssoAdminUserpassword>
<certificateThumbprint></certificateThumbprint>
</ssoConfig>

Just fill the certificateThumprint with the SSO certificate thumbprint. Btw. the ssoLookupServiceUrl should look like https://[SSO server]:[SSO port]/lookupservice/sdk.

This has been tested on NSX Version 6.1.3 Build 2591148. This has not been verified/documented by VMware yet.

Hope this helps you to avoid some Troubleshooting time. Any suggestions and feedback welcome!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: