
8-34
User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Procedures
Example: Configure OpenAM to Interoperate with Cisco DMS
Before You Begin
• Obtain a digital identity certificate from a well-known CA, install it on your IdP host system, and then enable SSL.
Procedure
Step 1 Configure OpenAM to use a datastore from Active Directory, unless it already does so.
Note In Federation mode, Cisco DMS uses a synchronization process to learn which usernames are valid in
your organization. Later and separately, the IdP uses an authentication process to verify user-login credentials.
Although we expect most IdPs to source both of these services from a Microsoft Active Directory server,
your organization might use some other LDAP system to authenticate user sessions. When this is the case,
you must still install and configure an Active Directory server for synchronization use by Cisco DMS.
Otherwise, Cisco DMS cannot learn which usernames are valid, and ordinary users cannot log in. To
prevent this outcome, replicate and synchronize a datastore between the new Active Directory server
and your existing LDAP server. Afterward, Cisco DMS can synchronize with the Active Directory datastore.
a. In OpenAM Web, choose Access Control > Top Level Realm > Data Stores.
b. Enter values to define the attributes of your Active Directory datastore.
For example, you might enter values for some of the attributes, like these...
LDAP Server: <IP_ADDRESS>:389
LDAP Bind DN: CN=Administrator,CN=Users,DC=win2003esx,DC=example,DC=com
LDAP Bind Password: *********
LDAP Organization DN: OU=SystemTest,DC=win2003esx,DC=example,DC=com
LDAP Users Search Attribute: sAMAccountName
LDAP Users Search Filter: (objectclass=user)
Authentication Naming Attribute: sAMAccountName
... while leaving other attribute values undefined.
Attribute Name Mapping: <Empty>
LDAP Groups Search Attribute: <Empty>
LDAP Groups Search Filter: <Empty>
LDAP Groups container Naming Attribute: <Empty>
LDAP Groups Container Value: <Empty>
Attribute Name of Unique Member: <Empty>
LDAP People Container Naming Attribute: <Empty>
LDAP People Container Value: <Empty>
Persistent Search Base DN: <Empty>
Persistent Search Filter: <Empty>
Note These are merely examples. Two of them deserve attention before you copy them. Port 389 is unencrypted LDAP, so the bind password and every synchronized attribute cross the network in the clear; if your domain controller accepts LDAPS, use port 636 and enable the data store's SSL/TLS option instead. And binding as CN=Administrator grants the data store far more than the read access it needs; create a dedicated service account with read-only rights to the LDAP Organization DN and use that as the bind DN.
c. Click Federation, and then click your IdP server instance—for example, dmsIdp.
d. Click Assertion Processing.
e. Change the IDP Attribute Map value from UID=uid to UID=sAMAccountName. Active Directory user objects normally carry no uid value; the logon name is in sAMAccountName, so the default map would leave the UID attribute in the assertion empty.
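The data store values and the IDP Attribute Map above together decide which directory entries OpenAM treats as users and what identifier it asserts for each of them. The following dry run is an added example, not code from the Cisco guide or from OpenAM: it replays that lookup (search base, filter, naming attribute) and the attribute map against a constructed LDIF export, so the effect of each setting is visible without touching the live directory. The DNs, account names and the stricter STRICT_FILTER are all made up for illustration.

```python
"""Dry run of the Step 1 data store settings and IDP Attribute Map against a
constructed LDIF export. Added example, not code from the Cisco guide or from
OpenAM: it mimics how OpenAM resolves users (search base, filter, naming
attribute) and which value the attribute map puts into the SAML assertion."""
import re

# Constructed stand-in for an `ldapsearch -b <LDAP Organization DN>` export.
# The computer object is deliberate: in Active Directory, computer accounts
# also carry objectClass=user, so the guide's filter matches them too.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=SystemTest,DC=win2003esx,DC=example,DC=com
objectClass: user
cn: Alice Example
sAMAccountName: aexample

dn: CN=DMS-PLAYER-01,OU=SystemTest,DC=win2003esx,DC=example,DC=com
objectClass: user
objectClass: computer
cn: DMS-PLAYER-01
sAMAccountName: DMS-PLAYER-01$

dn: CN=Bob Builder,OU=Contractors,DC=win2003esx,DC=example,DC=com
objectClass: user
cn: Bob Builder
sAMAccountName: bbuilder
"""

# Settings from the data store example, plus a hypothetical stricter filter.
ORG_DN = "OU=SystemTest,DC=win2003esx,DC=example,DC=com"
GUIDE_FILTER = "(objectclass=user)"
STRICT_FILTER = "(&(objectclass=user)(!(objectclass=computer)))"
NAMING_ATTR = "sAMAccountName"


def parse_ldif(text):
    """Minimal LDIF parser: list of {attr: [values]}, attribute names lower-cased."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def in_search_base(dn, base_dn):
    """Subtree scope: dn is the base or ends with ',<base>' (case-insensitive)."""
    norm = lambda d: ",".join(p.strip().lower() for p in d.split(","))
    return norm(dn) == norm(base_dn) or norm(dn).endswith("," + norm(base_dn))

def _split_subfilters(s):
    """Split "(a)(b)" into ["(a)", "(b)"], honouring nesting."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        depth += (ch == "(") - (ch == ")")
        if ch == "(" and depth == 1:
            start = i
        elif ch == ")" and depth == 0:
            parts.append(s[start:i + 1])
    return parts

def matches(entry, ldap_filter):
    """Evaluate a filter limited to equality, &, | and ! (enough for these settings)."""
    body = ldap_filter.strip()[1:-1]
    if body[0] == "!":
        return not matches(entry, _split_subfilters(body[1:])[0])
    if body[0] in "&|":
        results = [matches(entry, sub) for sub in _split_subfilters(body[1:])]
        return all(results) if body[0] == "&" else any(results)
    attr, _, wanted = body.partition("=")
    return any(v.lower() == wanted.strip().lower()
               for v in entry.get(attr.strip().lower(), []))

def find_users(entries, base_dn, ldap_filter, naming_attr):
    """Replay OpenAM's user lookup; returns {naming attribute value: dn}."""
    found = {}
    for entry in entries:
        dn = entry["dn"][0]
        if not (in_search_base(dn, base_dn) and matches(entry, ldap_filter)):
            continue
        names = entry.get(naming_attr.lower())
        if not names:
            raise ValueError(f"{dn} lacks {naming_attr}; OpenAM could not name it")
        found[names[0]] = dn
    return found

def idp_attribute_map(entry, mapping):
    """Apply IDP Attribute Map items of the form SAMLNAME=ldapattribute."""
    out = {}
    for item in mapping:
        saml_name, _, ldap_attr = item.partition("=")
        values = entry.get(ldap_attr.strip().lower(), [])
        out[saml_name.strip()] = values[0] if values else None
    return out

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print("guide filter :", sorted(find_users(entries, ORG_DN, GUIDE_FILTER, NAMING_ATTR)))
    print("strict filter:", sorted(find_users(entries, ORG_DN, STRICT_FILTER, NAMING_ATTR)))
    alice = next(e for e in entries if e["samaccountname"] == ["aexample"])
    print("UID=uid            ->", idp_attribute_map(alice, ["UID=uid"]))
    print("UID=sAMAccountName ->", idp_attribute_map(alice, ["UID=sAMAccountName"]))
```

Run against the sample, the guide's filter returns both aexample and the DMS-PLAYER-01$ computer account, while the hypothetical STRICT_FILTER returns only aexample; Bob is excluded in both cases because his OU lies outside the LDAP Organization DN. Mapping UID=uid yields no value for Alice, which is why step e switches the map to sAMAccountName. In production Active Directory the usual person-only idiom is (&(objectCategory=person)(objectClass=user)); this toy evaluator does not handle objectCategory, which the server compares against a schema DN.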