Support User Manuals

Cisco Systems 5.4.x Network Router User Manual

Open as PDF

of 424

8-18

User Guide for Cisco Digital Media Manager 5.4.x

OL-15762-05

Chapter8 Authentication and Federated Identity

Concepts

•

Generate assertions in which the SAML “UID” attribute is mapped to the local portion of an

authenticated user’s username.

•

Generate SAML responses that are no larger than 16K bytes. (CSCua10799)

•

Use a digital certificate from a well-known CA (but only if you will use HTTPS).

•

Include a “<SingleSignOnService>” entry with SOAP binding in its IdP metadata. For example:

<SingleSignOnService Location=http://idp.example.com/idp/SSO.sml2”

Binding=”urn:oasis:names:tc:SAML:2.0:bindings:SOAP”/>

In practice, these requirements limit your IdP to ones that we certify and

NO OTHER. We certify OpenAM, PingFederate, and Shibboleth.

(CSCua29696)

Configuration Workflow to Activate Federation (SSO) Mode

1.

Configure and set up an Active Directory server.

2.

Configure and set up a SAML 2.0-compliant IdP.

Note When you use a “fresh install” of Cisco DMS 5.3 (as opposed to an upgrade), your DMM appliance is configured

to use embedded authentication mode by default. But when you upgrade a DMM server that was already

configured for an earlier Cisco DMS release, it might use either embedded mode or LDAP mode.

3.

Obtain a digital certificate from a trusted CA and install it on your IdP.

4.

Use DMS-Admin to configure Cisco DMS for federation mode.

5.

Export SAML 2.0-compliant metadata from your DMM server and import it into your IdP.

6.

Export SAML 2.0-compliant metadata from your IdP and import it into your DMM server.

7.

Configure Active Directory exactly as you would in LDAP mode.

8.

Click Update to save your work, and then advance to the Synchronize Users property sheet.

9.

Synchronize DMM with your Active Directory server to populate the DMM user database.

Note You MUST configure at least one LDAP bookmark.

10.

Synchronize users exactly as you would in LDAP mode.

Note Whenever you change any setting or value on your IdP or any of your SPs, you must reestablish their

pairing to restore mutual trust among them.

11.

Click Update to save your work.

Authentication Scenarios for User Sessions in Federation (SSO) Mode

•

SSO Scenario 1—Trusted + Valid + Authorized

•

SSO Scenario 2—Trusted + Valid + NOT Authorized

•

SSO Scenario 3—Nothing Known

previous next