You can now configure VMware Cloud Director as an identity provider proxy server. You can register an OAuth 2.0 OpenID Connect compliant Identity Provider with VMware Cloud Director, and relying parties can use VMware Cloud Director for tenant-aware authentication of users known to VMware Cloud Director.
When integrating VMware Cloud Director (VCD) with Active Directory Federation Services (ADFS), there are two approaches you can take: using the Tenant-based approach or the IDP Proxy-based approach.
Tenant-based ADFS Integration:
- In this approach, each VCD tenant has its own ADFS configuration and relies on its own ADFS instance for authentication and federation.
- The VCD system administrator sets up the ADFS configuration for each tenant individually.
- Tenants configure their own ADFS instance, including configuring trust relationships, claims, and authentication policies.
- Tenants manage their own ADFS infrastructure, including ADFS servers and certificates.
- This approach offers more flexibility to individual tenants but requires separate ADFS configurations for each tenant.
IDP Proxy-based ADFS Integration:
- With this approach, a central IDP Proxy is used to handle ADFS integration for multiple VCD tenants.
- The IDP Proxy acts as an intermediary between VCD and the ADFS infrastructure.
- VCD tenants do not need to configure their own ADFS instances individually. Instead, they leverage the shared IDP Proxy.
- The IDP Proxy handles the authentication and federation processes on behalf of the VCD tenants.
- The IDP Proxy can be configured to communicate with the appropriate ADFS instances based on the tenant’s authentication request.
- This approach simplifies ADFS management for VCD tenants as they only need to configure their authentication settings to use the IDP Proxy.
Both approaches have their advantages and considerations. The choice depends on the specific requirements and preferences of your organization.
The tenant-based approach provides more control and flexibility for individual tenants, while the IDP Proxy-based approach offers centralized management and simplification for the VCD system administrator.
It is recommended to evaluate the specific needs and constraints of your environment before selecting the appropriate approach for ADFS integration with VMware Cloud Director.
https://blogs.vmware.com/cloudprovider/2023/04/vmware-cloud-director-10-4-2-is-now-ga.html
