Contents. Introduction. Prerequisites. Requirements. Components Used




Contents

Introduction
Prerequisites
    Requirements
    Components Used
Configure
    Download AD FS Version 2.0 Identity Provider (IdP) Metadata
    Download Collaboration Server (SP) Metadata
        CUCM IM and Presence Service
        Unity Connection
        Cisco Prime Collaboration Provisioning
    Add CUCM as Relying Party Trust
    Add CUCM IM and Presence as Relying Party Trust
    Add UCXN as Relying Party Trust
    Add Cisco Prime Collaboration Provisioning as Relying Party Trust
Verify
Troubleshoot

Introduction

This document describes how to configure Active Directory Federation Service (AD FS) Version 2.0 in order to enable Security Assertion Markup Language (SAML) Single Sign-on (SSO) for Cisco Collaboration products like Cisco Unified Communications Manager (CUCM), Cisco Unity Connection (UCXN), CUCM IM and Presence, and Cisco Prime Collaboration.

Prerequisites

Requirements

AD FS Version 2.0 must be installed and tested.

Caution: This installation guide is based on a lab setup and AD FS Version 2.0 is assumed to be used only for SAML SSO with Cisco Collaboration products. In case it is used by other business-critical applications, then necessary customization must be done as per official Microsoft Documentation.

Components Used

The information in this document is based on these software and hardware versions:

- AD FS Version 2.0
- Microsoft Internet Explorer 10
- CUCM Version 10.5
- Cisco IM and Presence Server Version 10.5
- UCXN Version 10.5
- Cisco Prime Collaboration Provisioning 10.5

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

Download AD FS Version 2.0 Identity Provider (IdP) Metadata

In order to download IdP metadata, open this link in your browser: https://<fqdn of ADFS>/FederationMetadata/2007-06/FederationMetadata.xml.

Download Collaboration Server (SP) Metadata

CUCM IM and Presence Service

Open a web browser, log into CUCM as administrator, and navigate to System > SAML Single Sign On.

Unity Connection

Open a web browser, log into UCXN as administrator, and navigate to System Settings > SAML Single Sign On.

Cisco Prime Collaboration Provisioning

Open a web browser, log into Prime Collaboration Assurance as globaladmin, and navigate to Administration > System Setup > Single Sign On.

Add CUCM as Relying Party Trust

1. Log into the AD FS server and launch AD FS Version 2.0 from the Microsoft Windows Programs menu.

2. Select Add Relying Party Trust.

3. Click Start.

4. Select the Import data about the relying party from a file option, choose the SPMetadata_CUCM.xml metadata file that you downloaded from CUCM earlier, and click Next.

5. Enter Display name and click Next.

6. Choose Permit all users to access this relying party and click Next.

7. Select Open the Edit Claim Rules dialog for the relying party trust when the wizard closes and click Close.

8. Click Add Rule.

9. Click Next with default Claim rule template set to Send LDAP Attributes as Claims.

10. In Configure Rule, enter the Claim rule name, select Active Directory as the Attribute store, configure LDAP Attribute and Outgoing Claim Type as shown in this image, and click Finish.

    Note:
    - The Lightweight Directory Access Protocol (LDAP) attribute should match the Directory Sync attribute on CUCM.
    - uid should be in lower case.

11. Click Add Rule, select Send Claims Using a Custom Rule as the claim rule template, and click Next.

12. Enter a name for Claim rule name and copy this syntax in the space given under Custom rule:

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
     => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
        Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
        Value = c.Value, ValueType = c.ValueType,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://<fqdn of ADFS>/com/adfs/services/trust",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "<FQDN of CUCM>");

    Note:
    - CUCM and ADFS Fully Qualified Domain Name (FQDN) is prepopulated with the lab CUCM and AD FS in this example and must be modified to match your environment.
    - FQDN of CUCM/ADFS are case-sensitive and must match with the metadata files.

13. Click Finish.

14. Click Apply and then OK.

15. Restart the AD FS Version 2.0 service from Services.msc.
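The case-sensitivity note under Step 12 applies to every relying party added in this document, so it can be checked mechanically before the rule is pasted. The script below is an added example, not part of the original guide: it compares the host in the rule's namequalifier and spnamequalifier properties against the entityID in the IdP and SP metadata files. It assumes the IdP entityID is a URL and the SP entityID is a bare FQDN; the example.test host names and metadata snippets are constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_TAG = "{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"
PROP = "http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/"

def entity_host(metadata_xml):
    """Host part of the metadata entityID, with its case preserved."""
    root = ET.fromstring(metadata_xml)
    if root.tag != MD_TAG:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    entity_id = root.attrib["entityID"]
    # Assumption: the IdP entityID is a URL, the SP entityID a bare FQDN.
    return urlsplit(entity_id).netloc if "://" in entity_id else entity_id

def rule_qualifiers(rule_text):
    """Map 'namequalifier'/'spnamequalifier' to the values set in the rule."""
    pattern = (r'Properties\s*\[\s*"' + re.escape(PROP) +
               r'(namequalifier|spnamequalifier)"\s*\]\s*=\s*"([^"]*)"')
    return dict(re.findall(pattern, rule_text))

def check_rule(rule_text, idp_metadata, sp_metadata):
    """Return a list of problems; an empty list means both hosts match exactly."""
    found = rule_qualifiers(rule_text)
    expected = {"namequalifier": entity_host(idp_metadata),
                "spnamequalifier": entity_host(sp_metadata)}
    problems = []
    for key, want in expected.items():
        value = found.get(key)
        if value is None:
            problems.append(f"{key}: property missing from rule")
            continue
        got = urlsplit(value).netloc if "://" in value else value
        if got == want:
            continue
        kind = "case differs" if got.lower() == want.lower() else "host differs"
        problems.append(f"{key}: {kind} (rule {got!r}, metadata {want!r})")
    return problems

# Constructed sample inputs (not taken from the guide).
IDP_MD = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
          'entityID="http://adfs01.example.test/adfs/services/trust"/>')
SP_MD = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
         'entityID="CUCM-Pub.example.test"/>')
RULE = ('Properties["' + PROP + 'namequalifier"] = '
        '"http://adfs01.example.test/com/adfs/services/trust", '
        'Properties["' + PROP + 'spnamequalifier"] = "cucm-pub.example.test");')

if __name__ == "__main__":
    for line in check_rule(RULE, IDP_MD, SP_MD) or ["rule matches metadata"]:
        print(line)
```

Only the host portion is compared, so the path in namequalifier is left as the guide gives it.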

Add CUCM IM and Presence as Relying Party Trust

1. Repeat Steps 1 to 11 as described for Add CUCM as Relying Party Trust and proceed to Step 2.

2. Enter a name for Claim rule name and copy this syntax in the space given under Custom rule:

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
     => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
        Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
        Value = c.Value, ValueType = c.ValueType,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://<fqdn of ADFS>/com/adfs/services/trust",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "<FQDN of IMP>");

    Notice that the IM and Presence and AD FS FQDN is prepopulated with the lab IM and Presence and AD FS in this example and must be modified to match your environment.

3. Click Finish.

4. Click Apply and then OK.

5. Restart the AD FS Version 2.0 service from Services.msc.

Add UCXN as Relying Party Trust

1. Repeat Steps 1 to 12 as described for Add CUCM as Relying Party Trust and proceed to Step 2.

2. Enter a name for Claim rule name and copy this syntax in the space given under Custom rule:

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
     => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
        Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
        Value = c.Value, ValueType = c.ValueType,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://<fqdn of ADFS>/com/adfs/services/trust",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "<FQDN of UCXN>");

    Notice that the UCXN and AD FS FQDN is prepopulated with the lab UCXN and AD FS in this example and must be modified to match your environment.

3. Click Finish.

4. Click Apply and then OK.

5. Restart the AD FS Version 2.0 service from Services.msc.

Add Cisco Prime Collaboration Provisioning as Relying Party Trust

1. Repeat Steps 1 to 12 as described for Add CUCM as Relying Party Trust and proceed to Step 2.

2. Enter a name for Claim rule name and copy this syntax in the space given:

    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
     => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
        Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
        Value = c.Value, ValueType = c.ValueType,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://<fqdn of ADFS>/com/adfs/services/trust",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "<FQDN of PCP>");

    Notice that the Prime Provisioning and AD FS FQDN is prepopulated with the lab Prime Collaboration Provisioning (PCP) and AD FS from this example and must be modified to match your environment.

3. Click Finish.

4. Click Apply and then OK.

5. Restart the AD FS Version 2.0 service from Services.msc.

Once you set up AD FS Version 2.0, proceed to enable SAML SSO on Cisco Collaboration products.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.