VMware Horizon Cloud Service Next-Gen – The Automation Series – Chapter 4 – Single Sign-On

This blog post is part of the VMware Horizon Cloud Service Next-Gen – The Automation Series, a series of blog posts that describes the possibilities and use of the VMware Horizon Cloud Service Next-Gen APIs.

In this chapter we will add, get and delete a single sign-on configuration. We will use PowerShell to execute the requests.

The original VMware documentation for single sign-on operations can be found here.

Create

We will start by creating a new single sign-on configuration. For this we will use the following information:

HTTP Method POST
URI https://cloud.vmwarehorizon.com/admin/v1/sso-configurations
Content-Type application/json Header
Authorization Bearer <Access token> Header
orgId Organization ID Body
name Any name for the record Body
description Any description for the record Body
activeDirectoryIds The id number(s) for your Active Directory configuration(s), must be in the same forest Body
caConfigDn Location in Active Directory where the configuration is stored Body
caMode Choose root or sub Body

With this information we will now construct the lines of code in PowerShell to add the single sign-on configuration.

(1) We create the access token from the API token using the New-HCSAccessToken function we described in chapter 2. We put this value in the $AccessToken variable, which we will use in the following step.

(2) We then construct the $Header array, where we specify the expected Content-Type to be received by the URI, which is application/json. And we specify the type of authorization using the Bearer type with the access token from the variable $AccessToken.

(3) After this we construct the $Body array with all the items that define the single sign-on configuration to be added to the Horizon Cloud Services.

Now that we have both the Header and Body information in place, it’s time to execute the command to add the single sign-on configuration (1). Once executed, the output with what has been configured will be displayed (2).

When we look in the Horizon Universal Console, we see that the single sign-on configuration is added.

Get

To retrieve the single sign-on configuration(s), we will use the following information:

HTTP Method GET
URI https://cloud.vmwarehorizon.com/admin/v1/sso-configurations
Content-Type application/json Header
Authorization Bearer <Access token> Header

With this information we will now construct the lines of code in PowerShell to retrieve the single sign-on configuration(s).

(1) We create the access token from the API token again using the New-HCSAccessToken function, and put this value in the $AccessToken variable, which we will use in the following step.

(2) We construct the $Header array, where we specify the expected Content-Type to be received by the URI, which is application/json. And we specify the type of authorization using the Bearer type with the access token from the variable $AccessToken.

(3) We execute the command to retrieve the single sign-on configuration(s).

(4) Once executed, the output with what has been configured will be displayed.

Delete

To delete an Active Directory configuration, we will use the following information:

HTTP Method DELETE
URI https://cloud.vmwarehorizon.com/admin/v1/sso-configurations/<single sign-on record ID>
Content-Type application/json Header
Authorization Bearer <Access token> Header
id Id for the SSO configuration URI

You can lookup the required single sign-on record ID using the steps from the Get paragraph. Look for the id value in the output.

With this information we will now construct the lines of code in PowerShell to delete the single sign-on configuration.

(1) We create the access token from the API token again using the New-HCSAccessToken function, and put this value in the $AccessToken variable, which we will use in the following step.

(2) We construct the $Header array, where we specify the expected Content-Type to be received by the URI, which is application/json. And we specify the type of authorization using the Bearer type with the access token from the variable $AccessToken.

(3) We execute the command to delete the single sign-on configuration.

(4) Once executed, the output with what has been deleted will be displayed.

PowerShell Functions Examples

The scripts below serve as examples. You may change the scripts to your own needs or standards, like error handling, securing password strings and things like that.

I hope this chapter was informative and that you enjoyed reading.

Next up is site configuration.

You may also like...

1 Response

  1. June 3, 2024

    […] 1 – API Token Chapter 2 – Access Token Chapter 3 – Active Directory Chapter 4 – Single Sign-On Chapter 5 – Site Chapter 6 – Provider Instance Chapter 7 – Edge Chapter 8 – […]