Data Object - SSPIAuthentication

Extends
GuestAuthentication
Since
vSphere API 5.0

Data Object Description

SSPIAuthentication contains the information necessary to initiate a ticketed authentication session in the guest using SSPI credentials. The ticketed session is not stateless and stores state inside of the guest.

To use SSPIAuthentication, populate sspiToken with a base64 encoded SSPI token. Then call AcquireCredentialsInGuest with the SSPIAuthentication object and no sessionID. After issuing the AcquireCredentialsInGuest call, a GuestAuthenticationChallenge will be thrown. Use the serverChallenge sspiToken in GuestAuthenticationChallenge to generate the proper SSPI response token. Populate an SSPIAuthentication object with the base64 encoded SSPI response token, and call AcquireCredentialsInGuest with the SSPIAuthentication object and the sessionID found in GuestAuthenticationChallenge.

Successful authentication will result in a TicketedSessionAuthentication object being returned. You can use the TicketedSessionAuthentication in any guest operations function call. You should NOT attempt to use SSPIAuthentication in any guest operations function call.

When you no longer need the TicketedSessionAuthentication object, you should call ReleaseCredentialsInGuest to free associated resources and session data.

Usage notes: SSPI authentication has the same limitations as a duplicated primary token obtained from the Windows API function LogonUser with the LOGON32_LOGON_NETWORK logon type. This will affect programs started with StartProgramInGuest. For example, launched programs will be unable to use WMI functions unless the "Remote Enable" privilege is enabled for the user. Similarly, access to network resources may fail due to the limitations of the token.

Properties

Name Type Description
sspiTokenxsd:string

This contains a base64 encoded SSPI Token.
Properties inherited from GuestAuthentication
interactiveSession
Properties inherited from DynamicData
dynamicProperty, dynamicType

Show WSDL type definition