Tag - VMware

I was just in the middle of configuring a PSC 6.0 node’s VMCA as an intermediate CA and, in traditional fashion, went to request a certificate from a Windows Server 2008 R2 Microsoft CA using the web enrollment form (as per this VMware KB article). Oddly enough though my brand spanking new vSphere 6.0 machine and intermediate CA certificate templates were missing from the template selection drop down. I had a look around online and found that MS CA v3 certificate templates are not supported in the web enrollment form.

This isn’t a be all and end all post on converting your Windows-based SSO server to the Platform Services Controller appliance, although I found an issue when performing the migration. We kept receiving an “Update export failed” message when the appliance was deployed by the conversion wizard. We couldn’t understand why, and the appliance updaterunner.log file gave us no clues as to what it could be. Turns out, you must run the vcsa_setup.

I had a few issues getting vCloud Director and SAML federation playing nicely. By issues, I mean there wasn’t an explicit how-to in VMware’s doco. The big issues were group-based authentication and authenticating against a user’s email address instead of their UPN. Using the following article from pablovirtualization I was able to get vCloud Director federated to an ADFS SAML endpoint. https://pablovirtualization.wordpress.com/2015/01/13/vcloud-director-and-microsoft-ad-fs-active-director-federation-service-authentication/ This allowed users to login using their UPN. That’s all well and good until you need users to log into their account using their email address which may differ from their UPN.