The other day I was finalizing a vCAC setup I was toying with in my lab and wanted to explore the available customization options a little further.
One thing you notice immediately when you try to log in to your vCAC tenant is that you get redirected to your SSO host to perform the authentication, and the login page is quite anonymous and strongly VMware branded. I wanted to change its look to something more custom and add the Go SDDC robot logo.
I found out that one of my fellow GTS colleagues, Andrea Siviero, had already explored the branding possibilities of that page, so I decided to write a quick tutorial around his findings.
These modifications are absolutely NOT SUPPORTED by VMware. They should be harmless but may disappear at any time, and I strongly warn you against making these modifications in a production environment.
Andrea discovered that it’s possible to brand the SSO login page per tenant by changing the vmwSTSBrandName property inside the SSO LDAP tree. Let’s see how we can modify that in our environment.
First of all, we will need an LDAP browser. I personally use JXplorer as it’s free and works on every platform, but as usual, pick your favorite.
Once it is open, you’ll need to configure JXplorer to point to the SSO LDAP directory. These are the defaults (should work for everybody):
Host: <SSO hostname or ip>
Port: 11711
Protocol: LDAP v3
Base DN: dc=vsphere,dc=local
Security Level: User + Password
User DN: cn=Administrator,cn=Users,dc=vsphere,dc=local
Password: <SSO Administrator password>
Make sure to save your connection as a template for easy reuse.
Once you click OK you should see the SSO LDAP tree appear. Browse to Services > IdentityManager > Tenants and you’ll find your vCAC tenants (mine is called gosddc). Click on the tenant name and in the right pane you’ll see the LDAP attributes of that node, including vmwSTSBrandName, which is the one we’re interested in.
Now switch to Table Editor on the top tab. By double-clicking on the vmwSTSBrandName value you’ll be able to modify the branding code of the page. Once you’re done editing, click OK and click Submit; this will record the modification in the LDAP tree.
Once you have made the modification permanent, log out of your tenant and try to log in again; the new SSO page should appear. If it doesn’t, make sure you empty the cache of your browser. This is my branded tenant login page:
And it’s really that simple! It is very easy to test, as modifications are picked up immediately without the need to restart any process or service. The only thing that is probably worth repeating is that this customization is NOT SUPPORTED by VMware and should not be used in production.
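Because the change takes effect immediately and may disappear at any time, it helps to be able to check whether any tenant's vmwSTSBrandName has changed since you last looked. The following is an added example, not part of the original post or of any VMware tooling: it parses an LDIF export of the Tenants subtree (handling folded lines and base64 values) and compares each tenant's branding against a saved fingerprint. The tenant DN layout is an assumption inferred from the browse path above, and the export, the tenant lab2 and the branding strings are constructed sample data.

```python
import base64
import hashlib

ATTR = "vmwstsbrandname"
# Assumed DN layout, inferred from the browse path in the post; verify in your tree.
BASE = "cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"

def export(gosddc_brand):
    """Build a constructed LDIF export of two tenants (sample data, not real)."""
    b64 = base64.b64encode(gosddc_brand.encode()).decode()
    return (f"dn: cn=gosddc,{BASE}\ncn: gosddc\nvmwSTSBrandName:: {b64}\n\n"
            f"dn: cn=lab2,{BASE}\ncn: lab2\nvmwSTSBrandName: Lab\n  two portal\n")

def brand_values(ldif_text):
    """Return {tenant DN: vmwSTSBrandName bytes} parsed from LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continue previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    found, dn = {}, None
    for line in lines:
        if not line:                        # blank line ends the entry
            dn = None
            continue
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):            # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.lstrip(" ").encode()
        if name.lower() == "dn":
            dn = value.decode()
        elif name.lower() == ATTR and dn:
            found[dn] = value
    return found

def fingerprints(ldif_text):
    """Return {tenant DN: SHA-256 hex digest of its branding value}."""
    return {dn: hashlib.sha256(v).hexdigest() for dn, v in brand_values(ldif_text).items()}

def drift(baseline, ldif_text):
    """Return sorted tenant DNs whose branding was added, changed or removed."""
    current = fingerprints(ldif_text)
    return sorted(dn for dn in baseline.keys() | current.keys()
                  if baseline.get(dn) != current.get(dn))

if __name__ == "__main__":
    baseline = fingerprints(export("VMware vCloud Automation Center"))
    for dn in drift(baseline, export("Go SDDC")):
        print("branding changed:", dn)
```

Store the output of fingerprints() from a known-good export and rerun drift() against fresh exports to see which tenants differ.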