vSAN Management API
|  | Local Properties | Local Methods | |
| Managed Object Types | Data Object Types | All Properties | All Methods | 
Managed Object - SessionManager(vim.SessionManager)
- Property of
- ServiceContent
- See also
- SessionManagerGenericServiceTicket, SessionManagerLocalTicket, SessionManagerServiceRequestSpec, UserSession
- Since
- 2.0
Managed Object Description
This managed object type includes methods for logging on and logging off clients, determining which clients are currently logged on, and forcing clients to log off.Properties
| Name | Type | Description | 
|---|---|---|
| currentSession* P | UserSession | This property contains information about the client's current session.
  If the client is not logged on, the value is null. | 
| defaultLocale P | xsd:string | This is the default server locale. | 
| message* P | xsd:string | The system global message from the server. | 
| messageLocaleList* P | xsd:string[] | Provides the list of locales for which the server has localized messages. | 
| sessionList* P | UserSession[] | The list of currently active sessions. | 
| supportedLocaleList* P | xsd:string[] | Provides the list of locales that the server supports.
  Listing a locale ensures that some standardized information such as dates appear
  in the appropriate format. Other localized information, such as error messages,
  are displayed, if available. If localized information is not available, the
  message is returned using the system locale. | 
Methods
| Methods defined in this Managed Object | 
|---|
| AcquireCloneTicket, AcquireGenericServiceTicket, AcquireLocalTicket, CloneSession, ImpersonateUser, Login, LoginBySSPI, LoginByToken, LoginExtensionByCertificate, LoginExtensionBySubjectName, Logout, SessionIsActive, SetLocale, TerminateSession, UpdateServiceMessage | 
AcquireCloneTicket(acquireCloneTicket)
Acquire a session-specific ticket string which can be used to clone the current session. The caller of this operation can pass the ticket value to another entity on the client. The recipient can then call CloneSession with the ticket string on an unauthenticated session and avoid having to re-enter credentials.The ticket may only be used once and becomes invalid after use. The ticket is also invalidated when the corresponding session is closed or expires. The ticket is only valid on the server which issued it.
   This sequence of operations is conceptually similar to the
   functionality provided by AcquireLocalTicket, however the
   methods can be used by remote clients and do not require a shared
   filesystem for transport.
See CloneSession
      
- Required Privileges
- System.View
- Since
- VI API 2.5 U2
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
Return Value
| Type | Description | 
|---|---|
| xsd:string | one-time secret ticket string. | 
Faults
| Type | Description | 
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
AcquireGenericServiceTicket(acquireGenericServiceTicket)
Creates and returns a one-time credential that may be used to make the specified request.- Required Privileges
- System.Anonymous
- Since
- vSphere API Release 5.0
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| spec | SessionManagerServiceRequestSpec | specification for the service request which will be
              invoked with the ticket.
      
Since vSphere API Release 5.0 | 
Return Value
| Type | Description | 
|---|---|
| SessionManagerGenericServiceTicket | A ticket that may be used to invoke the specified request. The first choice for authenticating the host is GenericServiceTicket#sslCertificate. If GenericServiceTicket#sslCertificate is unset, the following logic is used to authenticate the host: 1. If the VC system supports the crypto hash algorithm of the GenericServiceTicket#sslThumbprint or GenericServiceTicket#certThumbprintList (if set), they will be verified against that of the server certificate. If they doesn't match, the CA certificates will be used to authenticate the host. 2. If the VC system does not support the crypto hash algorithm of GenericServiceTicket#sslThumbprint or GenericServiceTicket#certThumbprintList, only the CA certificates will be used to authenticate the host. | 
Faults
| Type | Description | 
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
AcquireLocalTicket(acquireLocalTicket)
Acquires a one-time ticket for mutual authentication between a server and client.The caller of this operation can use the user name and file content of the returned object as the userName and password arguments for login operation. The local ticket that is returned becomes invalid either after it is used or after a server-determined ticket expiration time passes. This operation can be used by servers and clients to avoid re-entering user credentials after authentication by the operating system has already happened.
For example, service console utilities that connect to a host agent should not require users to re-enter their passwords every time the utilities run. Since the one-time password file is readable only by the given user, the identity of the one-time password user is protected by the operating system file permission.
Only local clients are allowed to call this operation. Remote clients receive an InvalidRequest fault upon calling this operation.
- Required Privileges
- System.Anonymous
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| userName | xsd:string | User requesting one-time password.
      
Since 2.0 | 
Return Value
| Type | Description | 
|---|---|
| SessionManagerLocalTicket | LocalTicket object containing userName and path to file containing one-time password for use in login operation. | 
Faults
| Type | Description | 
|---|---|
| InvalidLogin | Thrown if the userName is invalid. | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
CloneSession(cloneSession)
Clone the session specified by the clone ticket and associate it with the current connection. The current session will take on the identity and authorization level of the UserSession associated with the specified cloning ticket.See AcquireCloneTicket
See AcquireGenericServiceTicket
- Required Privileges
- System.Anonymous
- Since
- VI API 2.5 U2
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| cloneTicket | xsd:string | ticket string acquired via AcquireCloneTicket. See AcquireCloneTicket See AcquireGenericServiceTicket Since VI API 2.5u2 | 
Return Value
| Type | Description | 
|---|---|
| UserSession | The new/cloned UserSession object. | 
Faults
| Type | Description | 
|---|---|
| InvalidLogin | Thrown if the specified ticket value is not valid. See AcquireCloneTicket See AcquireGenericServiceTicket | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
ImpersonateUser(impersonateUser)
Converts current session to impersonate the specified user. The current session will take on the identity and authorization level of the user. That user must have a currently-active session. If the given userName is an extension key and this key does not overlap with a user name of any currently-active session, it will take on the identity and authorization level of that extension provided the current session has the same authorization level of that extension.- Required Privileges
- Sessions.ImpersonateUser
- Since
- VI API 2.5
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| userName | xsd:string | The user or extension key to impersonate.
      
Since VI API 2.5 | 
| locale* | xsd:string | A two-character ISO-639 language ID (like "en")
                optionally followed by an
                underscore and a two-character ISO 3166 country ID (like "US"). Examples are "de", "fr_CA", "zh", "zh_CN", and "zh_TW". Note: The method uses the server default locale when a locale is not provided. This default can be configured in the server configuration file. If unspecified, it defaults to the locale of the server environment or English ("en") if unsupported.Since VI API 2.5 | 
Return Value
| Type | Description | 
|---|---|
| UserSession | 
Faults
| Type | Description | 
|---|---|
| InvalidLocale | |
| InvalidLogin | |
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
Login(login)
Log on to the server. This method fails if the user name and password are incorrect, or if the user is valid but has no permissions granted.- Required Privileges
- System.Anonymous
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| userName | xsd:string | The id
                  of the user who is logging on to the server.
      
Since 2.0 | 
| password | xsd:string | The password
                  of the user who is logging on to the server.
      
Since 2.0 | 
| locale* | xsd:string | A two-character ISO-639 language ID (like "en")
                optionally followed by an
                underscore and a two-character ISO 3166 country ID (like "US"). Examples are "de", "fr_CA", "zh", "zh_CN", and "zh_TW". Note: The method uses the server default locale when a locale is not provided. This default can be configured in the server configuration file. If unspecified, it defaults to the locale of the server environment or English ("en") if unsupported.Since 2.0 | 
Return Value
| Type | Description | 
|---|---|
| UserSession | The UserSession object. As of vSphere API 5.1 for VirtualCenter login use SSO style LoginByToken | 
Faults
| Type | Description | 
|---|---|
| InvalidLocale | Thrown if the locale is invalid or unknown to the server. | 
| InvalidLogin | Thrown if the user and password combination is invalid. | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
LoginBySSPI(loginBySSPI)
Deprecated. As of vSphere API 5.1 for VirtualCenter login use SSO style LoginByToken Log on to the server using SSPI pass-through authentication.This method provides support for passing credentials of the calling process to the server without using a password, by leveraging the Windows Security Support Provider Interface (SSPI) library.
If the function is not supported, this throws a NotSupported fault.
The client first calls AcquireCredentialsHandle(). If Kerberos is used, this should include the desired credential to pass. The client then calls InitializeSecurityContext(). The resulting partially-formed context is passed in Base-64 encoded form to this method.
If the context has been successfully formed, the server proceeds with login and behaves like Login. If further negotiation is needed, the server throws an SSPIChallenge fault with a challenge token, which the client should again pass to InitializeSecurityContext(), followed by calling this method again.
For more information, see the MSDN documentation on SSPI.
- Required Privileges
- System.Anonymous
- Since
- VI API 2.5
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| base64Token | xsd:string | The partially formed context returned from
                     InitializeSecurityContext().
      
Since VI API 2.5 | 
| locale* | xsd:string | A two-character ISO-639 language ID (like "en")
                optionally followed by an
                underscore and a two-character ISO 3166 country ID (like "US"). Examples are "de", "fr_CA", "zh", "zh_CN", and "zh_TW". Note: The method uses the server default locale when a locale is not provided. This default can be configured in the server configuration file. If unspecified, it defaults to the locale of the server environment or English ("en") if unsupported.Since VI API 2.5 | 
Return Value
| Type | Description | 
|---|---|
| UserSession | The UserSession object. | 
Faults
| Type | Description | 
|---|---|
| InvalidLocale | Thrown if the locale is invalid or unknown to the server. | 
| InvalidLogin | Thrown if the user context could not be passed successfully, or the context is not valid on the server. | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
| SSPIChallenge | Thrown if further negotiation is required. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
LoginByToken(loginByToken)
Log on to the server through token representing principal identity. The token is obtained from SSO (single sign-on) service. This method fails if the token is not valid, or the principal has no permissions granted. Two type of sso tokens are supported by this method: Bearer and Holder-of-Key (HoK). If the token type obliges the method caller to prove his rights to present this token (HoK), then a signature is supplied as well. The token and the security signature if available are provided in a transport specific way.If the communication with the VirtualCenter is SOAP based read the WS-Security specification (SAML Token profile) to understand how to transport the SSO token and signature.
Usual login scenario:
- Acquire HoK token from the SSO service. Different authentication mechanisms are available for acquiring token (user/password, certificate, SSPI and so on). For more details consult the SSO documentation. To find the location of your SSO service consult the Virtual Infrastructure documentation.
- Once SSO token is acquired successfully LoginByToken could be invoked.
- Required Privileges
- System.Anonymous
- Since
- vSphere API Release 5.1
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| locale* | xsd:string | A two-character ISO-639 language ID (like "en")
                optionally followed by an
                underscore and a two-character ISO 3166 country ID (like "US"). Examples are "de", "fr_CA", "zh", "zh_CN", and "zh_TW". Note: The method uses the server default locale when a locale is not provided. This default can be configured in the server configuration file. If unspecified, it defaults to the locale of the server environment or English ("en") if unsupported.Since vSphere API Release 5.1 | 
Return Value
| Type | Description | 
|---|---|
| UserSession | The UserSession object. | 
Faults
| Type | Description | 
|---|---|
| InvalidLocale | Thrown if the locale is invalid or unknown to the server. | 
| InvalidLogin | Thrown if there is no token provided or the token could not be validated. | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
LoginExtensionByCertificate(loginExtensionByCertificate)
Deprecated. As of vSphere API 6.0, use SSO style of login instead LoginByToken Creates a special privileged session that includes the Sessions.ImpersonateUser privilege. Requires that the client connect over SSL and provide an X.509 certificate for which they hold the private key. The certificate must match the certificate used in an earlier call to SetExtensionCertificate.NOTE: Verification of the received certificate (such as expiry, revocation, and trust chain) is not required for successful authentication using this method. If certificate verification is desired, use the LoginExtensionBySubjectName method instead.
- Required Privileges
- System.Anonymous
- Since
- vSphere API Release 4.0
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| extensionKey | xsd:string | Key of extension that is logging in.
      
Since vSphere API Release 4.0 | 
| locale* | xsd:string | A two-character ISO-639 language ID (like "en")
                optionally followed by an
                underscore and a two-character ISO 3166 country ID (like "US"). Examples are "de", "fr_CA", "zh", "zh_CN", and "zh_TW". Note: The method uses the server default locale when a locale is not provided. This default can be configured in the server configuration file. If unspecified, it defaults to the locale of the server environment or English ("en") if unsupported.Since vSphere API Release 4.0 | 
Return Value
| Type | Description | 
|---|---|
| UserSession | 
Faults
| Type | Description | 
|---|---|
| InvalidLocale | Thrown if the supplied locale is not valid | 
| InvalidLogin | Thrown if the extension is not registered, or the certificate does not match the expected value. | 
| NoClientCertificate | Thrown if no certificate was used by the client to connect | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
LoginExtensionBySubjectName(loginExtensionBySubjectName)
Deprecated. As of vSphere API 6.0, use SSO style of login instead LoginByToken Creates a special privileged session that includes the Sessions.ImpersonateUser privilege. Requires that the extension connected using SSL, with a certificate that has a subject name that matches the subject name registered for the extension.As of vSphere API 4.0, the NotFound fault is no longer thrown. Instead, InvalidLogin is thrown if the specified extension is not registered.
- Required Privileges
- System.Anonymous
- Since
- vSphere API Release 4.0
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| extensionKey | xsd:string | Key of extension that is logging in.
      
Since VI API 2.5 | 
| locale* | xsd:string | A two-character ISO-639 language ID (like "en")
                optionally followed by an
                underscore and a two-character ISO 3166 country ID (like "US"). Examples are "de", "fr_CA", "zh", "zh_CN", and "zh_TW". Note: The method uses the server default locale when a locale is not provided. This default can be configured in the server configuration file. If unspecified, it defaults to the locale of the server environment or English ("en") if unsupported.Since VI API 2.5 | 
Return Value
| Type | Description | 
|---|---|
| UserSession | 
Faults
| Type | Description | 
|---|---|
| InvalidClientCertificate | Thrown if the client cerificate fails the verification at the server | 
| InvalidLocale | Thrown if the supplied locale is not valid | 
| InvalidLogin | Thrown if the extension is not registered, or the subject name doesn't match the subject name of the extension. | 
| NoClientCertificate | Thrown if no certificate was used by the client to connect | 
| NoSubjectName | Thrown if the extension was registered without a subject name | 
| NotFound | Thrown if no extension is associated with the given key | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
Logout(logout)
Log out and terminate the current session.- Required Privileges
- System.View
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
Return Value
| Type | Description | 
|---|---|
| None | |
Faults
| Type | Description | 
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
SessionIsActive(sessionIsActive)
Validates that a currently-active session exists with the specified sessionID and userName associated with it. Returns true if session exists.- Required Privileges
- Sessions.ValidateSession
- Since
- VI API 2.5
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| sessionID | xsd:string | Session ID to validate.
      
Since VI API 2.5 | 
| userName | xsd:string | User name to validate.
      
Since VI API 2.5 | 
Return Value
| Type | Description | 
|---|---|
| xsd:boolean | 
Faults
| Type | Description | 
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
SetLocale(setLocale)
Sets the session locale.- Required Privileges
- System.View
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| locale | xsd:string | A two-character ISO-639 language ID (like "en")
                optionally followed by an
                underscore and a two-character ISO 3166 country ID (like "US"). Examples are "de", "fr_CA", "zh", "zh_CN", and "zh_TW". Note: The method uses the server default locale when a locale is not provided. This default can be configured in the server configuration file. If unspecified, it defaults to the locale of the server environment or English ("en") if unsupported.Since 2.0 | 
Return Value
| Type | Description | 
|---|---|
| None | |
Faults
| Type | Description | 
|---|---|
| InvalidLocale | Thrown if the locale is invalid or unknown to the server. | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
TerminateSession(terminate)
Log off and terminate the provided list of sessions.This method is only transactional for each session ID. The set of sessions are terminated sequentially, as specified in the list. If a failure occurs, for example, because of an unknown sessionID, the method aborts with an exception. When the method aborts, any sessions that have not yet been terminated are left in their unterminated state.
- Required Privileges
- Sessions.TerminateSession
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| sessionId | xsd:string[] | A list of sessions to terminate.
      
Since 2.0 | 
Return Value
| Type | Description | 
|---|---|
| None | |
Faults
| Type | Description | 
|---|---|
| NotFound | Thrown if a sessionId could not be found as a valid logged-on session. | 
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
UpdateServiceMessage(updateMessage)
Updates the system global message. If not blank, the message is immediately displayed to currently logged-on users. When set, the message is shown by new clients upon logging in.- Required Privileges
- Sessions.GlobalMessage
Parameters
| Name | Type | Description | 
|---|---|---|
| _this | ManagedObjectReference | A reference to the SessionManager used to make the method call. | 
| message | xsd:string | The message to send. Newline characters may be included.
      
Since 2.0 | 
Return Value
| Type | Description | 
|---|---|
| None | |
Faults
| Type | Description | 
|---|---|
| RuntimeFault | Thrown if any type of runtime fault is thrown that is not covered by the other faults; for example, a communication error. | 
Events
| Type | |
|---|---|
| None | |
Show WSDL type definition
| Top of page | Local Properties | Local Methods | |
| Managed Object Types | Data Object Types | All Properties | All Methods | 
