Listing Services registered with Single Sign-On (SSO) in vSphere 6

 

Listing SSO Services

 
Listing services in Single Sign-On is much different in vSphere 6 than it was in vSphere 5.5 or 5.1. Previously you would run ssolscli.cmd; now you need to run a Python script called lstool.py. The command to list all of the services registered with SSO 6 is below. Open a cmd prompt and run it from the Platform Services Controller (PSC).
 

"C:\Program Files\VMware\vCenter Server\python\python.exe" "C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstool.py" list --url http://localhost:7080/lookupservice/sdk

 


 
Once that is complete you should see output similar to the following:
 

 Name: The group check interface of the SSO server
 Description: The group check interface of the SSO server
 Service Product: com.vmware.cis
 Service Type: sso:groupcheck
 Service ID: default-first-site:6761b0d0-affc-42ec-b18f-e9c26b35fb1c
 Site ID: default-first-site
 Owner ID: psc1.vcloud.local@vsphere.local
 Version: 2.0
 Endpoints:
 Type: com.vmware.cis.cs.identity.groupcheck
 Protocol: vmomi
 URL: https://PSC1.vcloud.local/sso-adminserver/sdk/vsphere.local
 SSL trust: (value not preserved)
-------------------------------------------------------
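
When the list is long, the output can be parsed instead of read by eye. The following is an added example, not part of the original post or of VMware's tooling: it parses `list` output in the layout shown above and reports endpoints whose URL host is not one of the nodes you expect. The sample text, host names, IDs and function names are constructed for illustration, and it assumes each endpoint begins with a `Type:` line.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the layout shown above; hosts and IDs are made up.
SAMPLE = """\
 Name: The group check interface of the SSO server
 Service Type: sso:groupcheck
 Service ID: default-first-site:00000000-0000-0000-0000-000000000001
 Endpoints:
 Type: com.vmware.cis.cs.identity.groupcheck
 Protocol: vmomi
 URL: https://PSC1.example.local/sso-adminserver/sdk/vsphere.local
-------------------------------------------------------
 Name: Constructed leftover registration
 Service Type: example:leftover
 Service ID: default-first-site:00000000-0000-0000-0000-000000000002
 Endpoints:
 Type: com.example.endpoint
 Protocol: vmomi
 URL: https://oldvc.example.local/sdk
-------------------------------------------------------
"""

def parse_services(text):
    """Return one dict per registration, with its endpoints as a list of dicts."""
    services = []
    for block in re.split(r"(?m)^[ \t]*-{5,}[ \t]*$", text):  # dashed line ends a record
        svc, in_eps = {"Endpoints": []}, False
        for line in block.splitlines():
            key, sep, value = (p.strip() for p in line.partition(":"))
            if not sep:
                continue                      # blank or unrecognised line
            if key == "Endpoints":
                in_eps = True                 # later fields describe endpoints
            elif not in_eps:
                svc[key] = value
            elif key == "Type" or not svc["Endpoints"]:
                svc["Endpoints"].append({key: value})  # assumed: "Type:" opens an endpoint
            else:
                svc["Endpoints"][-1][key] = value
        if len(svc) > 1:                      # skip the empty tail after the last separator
            services.append(svc)
    return services

def endpoints_off_known_nodes(services, known_hosts):
    """List (Service ID, Service Type, host) for endpoints not on a known node."""
    known = {h.lower() for h in known_hosts}
    return [(s.get("Service ID"), s.get("Service Type"), urlparse(e["URL"]).hostname)
            for s in services for e in s["Endpoints"]
            if "URL" in e and urlparse(e["URL"]).hostname not in known]
```

To use it, save the output of the list command to a file, read it into a string and pass it to `parse_services`, then call `endpoints_off_known_nodes` with the host names of your PSC and vCenter nodes.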

 
As in 5.5 or 5.1, listing the services registered with Single Sign-On is a great troubleshooting step to ensure that the lookup service is actually responding appropriately and is not having any issues. You can also use the other commands below to unregister services, register services, manage vSphere 5.5 services, or get service identifier information. I have provided the possible command syntax below.
 

list - List service registrations using specified search filter
--url URL - URL of lookup service
[--no-check-cert] - Don't validate the server SSL certificate.
[--as-spec] - Print service in spec file format.
[--id-only] - Output service ID(s) only.
[--product PRODUCT] - Service product value of search filter
[--type TYPE] - Service type value of search filter
[--node NODE] - Node identifier value of search filter
[--site SITE] - Site identifier value of search filter
[--ep-proto EP-PROTO] - Endpoint protocol value of search filter
[--ep-type EP-TYPE] - Endpoint type value of search filter

list55 - List VC55 service registrations using specified search criteria
--url URL - URL of lookup service
[--no-check-cert] - Don't validate the server SSL certificate.
[--as-spec] - Print service in spec file format.
[--id-only] - Output service ID(s) only.
[--type TYPE] - Service type value of search criteria

register - Register service
--url URL - URL of lookup service
--user USER - SSO user name
--password PASSWORD - SSO user password
--spec SPEC - Service spec file path
--id ID - Service identifier
[--no-check-cert] - Don't validate the server SSL certificate.

register55 - Register VC55 service; return service ID
--url URL - URL of lookup service
--user USER - SSO user name
--password PASSWORD - SSO user password
--spec SPEC - Service spec file path
[--no-check-cert] - Don't validate the server SSL certificate.

unregister - Delete service registration
--url URL - URL of lookup service
--user USER - SSO user name
--password PASSWORD - SSO user password
--id ID - Service identifier
[--no-check-cert] - Don't validate the server SSL certificate.

reregister - Update service registration
--url URL - URL of lookup service
--user USER - SSO user name
--password PASSWORD - SSO user password
--spec SPEC - Service spec file path
--id ID - Service identifier
[--no-check-cert] - Don't validate the server SSL certificate.

reregister55 - Update VC55 service registration
--url URL - URL of lookup service
--user USER - SSO user name
--password PASSWORD - SSO user password
--spec SPEC - Service spec file path
--id ID - Service identifier
[--no-check-cert] - Don't validate the server SSL certificate.

get - Get service by its identifier
--url URL - URL of lookup service
--id ID - Service identifier
[--as-spec] - Print service in spec file format.
[--no-check-cert] - Don't validate the server SSL certificate.

get55 - Get VC55 service by its identifier
--url URL - URL of lookup service
--id ID - Service identifier
[--as-spec] - Print service in spec file format.
[--no-check-cert] - Don't validate the server SSL certificate.

get-site-id - Get lookup service site identifier
--url URL - URL of lookup service
[--no-check-cert] - Don't validate the server SSL certificate.

 
Please let me know if you have any questions or comments!
 

Posted by:

Sean Whitney

3 Comments

  1. mordi -  April 5, 2016 - 12:44 am 451

    hey,

    Thanks for the article, great info!
    My question is how you list the services with VCSA.

    Thanks

  2. Dennis -  May 11, 2016 - 3:58 am 463

    Any information on how to do this with the vCenter Appliance?

    • Chris Morrow -  May 17, 2016 - 5:00 pm 477

      Same as Windows. The lstool.py script is located in /usr/lib/vmidentity/tools/scripts/ though.

