Cisco Systems 5.4.x Network Router User Manual

User Guide for Cisco Digital Media Manager 5.4.x (OL-15762-05), page 8-37
Chapter 8 Authentication and Federated Identity
Procedures
Step 2 Export SP metadata from Cisco DMS.
Export metadata from each SP that will participate in your Shibboleth CoT.
Tip: For Cisco DMS, see the “Export SP Metadata from DMM” topic.
Step 3 Import SP metadata from Cisco DMS.
Use SFTP or another method to save the exported SP metadata where Shibboleth will access it: /opt/shibboleth-idp/metadata/.
Step 4 Log in remotely.
Use SSH, remote desktop, VNC, or a direct console connection to log in to the system where you installed Shibboleth.
Step 5 Edit the attribute filter file.
a. Open /opt/shibboleth-idp/conf/attribute-filter.xml for editing.
b. Change the attributeID value (at or near line 24) to uid:
<afp:AttributeRule attributeID="uid">
Step 6 Edit the attribute resolver file.
a. Open /opt/shibboleth-idp/conf/attribute-resolver.xml for editing.
b. Find this section:
<!-- ========================================== -->
<!-- Attribute Definitions -->
<!-- ========================================== -->
c. Enter these lines after the Attribute Definitions section heading, at or near line 29:
<resolver:AttributeDefinition xsi:type="ad:Simple" id="uid"
sourceAttributeID="sAMAccountName">
<resolver:Dependency ref="myLDAP" />
<resolver:AttributeEncoder xsi:type="enc:SAML2String"
name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
<resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"
nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
</resolver:AttributeDefinition>
d. Find this section:
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
e. Enter these lines after the Data Connectors section heading, at or near line 288:
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
xmlns="urn:mace:shibboleth:2.0:resolver:dc"
ldapURL="ldap://<YOUR_ACTIVE_DIRECTORY_SERVER_IP>"
baseDN="cn=<USERBASE>, dc=<HOSTNAME>, dc=<EXAMPLE>, dc=<COM>"
principal="cn=<ADMINISTRATOR_CN>, cn=<USERBASE>, dc=<HOSTNAME>, dc=<EXAMPLE>, dc=<COM>"
principalCredential="<ADMINISTRATOR_PASSWORD>">
<dc:FilterTemplate>
<![CDATA[
(sAMAccountName=$requestContext.principalName)
]]>
</dc:FilterTemplate>
<LDAPProperty name="java.naming.referral" value="follow"/>
</resolver:DataConnector>
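A consistency check for the files edited in Steps 5 and 6, added here as an example and not part of the Cisco guide or the Shibboleth distribution: it parses an attribute-resolver.xml (a constructed sample with placeholder values is embedded), verifies that each Dependency ref names a DataConnector and that every attributeID released by the filter has a definition, and flags a plaintext ldap:// URL, since the administrator bind password in principalCredential would then cross the network unencrypted. The namespace URIs and the useStartTLS attribute name are assumed from Shibboleth IdP 2.x.

```python
import xml.etree.ElementTree as ET

# Namespace URIs assumed to be those of Shibboleth IdP 2.x.
NS = {"resolver": "urn:mace:shibboleth:2.0:resolver", "dc": "urn:mace:shibboleth:2.0:resolver:dc"}

# Constructed sample mirroring the Step 6 fragments; all values are placeholders.
SAMPLE = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc">
  <resolver:AttributeDefinition xsi:type="ad:Simple" id="uid"
      sourceAttributeID="sAMAccountName">
    <resolver:Dependency ref="myLDAP" />
  </resolver:AttributeDefinition>
  <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
      ldapURL="ldap://192.0.2.10" baseDN="cn=Users,dc=example,dc=com"
      principal="cn=svc-shib,cn=Users,dc=example,dc=com"
      principalCredential="PLACEHOLDER_PASSWORD">
    <dc:FilterTemplate><![CDATA[
      (sAMAccountName=$requestContext.principalName)
    ]]></dc:FilterTemplate>
  </resolver:DataConnector>
</resolver:AttributeResolver>"""

def check_resolver(xml_text, released_ids=("uid",)):
    """Return findings (empty list = consistent); released_ids come from attribute-filter.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    connectors = {c.get("id"): c for c in root.findall("resolver:DataConnector", NS)}
    definitions = set()
    for ad in root.findall("resolver:AttributeDefinition", NS):
        definitions.add(ad.get("id"))
        for dep in ad.findall("resolver:Dependency", NS):
            if dep.get("ref") not in connectors:
                findings.append(f"{ad.get('id')}: Dependency ref {dep.get('ref')!r} names no DataConnector")
    for rid in released_ids:
        if rid not in definitions:
            findings.append(f"filter releases {rid!r} but no AttributeDefinition has that id")
    for cid, c in connectors.items():
        url = c.get("ldapURL", "")
        # Plain ldap:// carries the bind password and every lookup unencrypted
        # unless StartTLS is on (the useStartTLS attribute name is an assumption).
        if url.startswith("ldap://") and c.get("useStartTLS") != "true":
            findings.append(f"{cid}: plaintext LDAP transport {url}")
        tmpl = c.find("dc:FilterTemplate", NS)
        if tmpl is None or "$requestContext.principalName" not in (tmpl.text or ""):
            findings.append(f"{cid}: FilterTemplate does not key on the principal name")
    return findings
```

Run it against your own attribute-resolver.xml by passing the file contents and the attributeID values from attribute-filter.xml; anything it returns should be resolved before the IdP goes live.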