[cisco-voip] Expressway MRA and SSO
nimloth at nimloth.pl
nimloth at nimloth.pl
Tue Feb 14 12:47:26 EST 2017
Dear Group,
I'm trying to enable SSO for Expressway MRA setup based on this
documentation:
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_gu
ide/X8-9/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-9.pdf
For IdP we're using AD FS 3.0 and what I'm really interested is in part on
page 43 (Active Directory Federation Services 2.0) - unfortunately no
success so far.
So here questions:
1) Does anyone have working solution with AD FS ?
2) Does it require same Custom Rules as for CUCM ?
c:[Type ==
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccount
<http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccount%0bna
me>
name"]=> issue(Type =
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name%0bidentifier>
identifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value =
c.Value,
ValueType = c.ValueType,
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/
<http://schemas.xmlsoap.org/ws/2005/05/identity/%0bclaimproperties/format>
claimproperties/format"] =
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/n
ame
<http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/name%0bquali
fier>
qualifier"] = "http://
<http://%3cFQDN%20of%20ADFS%3e/com/adfs/services/trust> <FQDN of
ADFS>/com/adfs/services/trust", Properties
["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequali
fier"] =
"<FQDN of CUCM>");
Screenshots from working setup (AD FS rules) would be nice (can be private
if can't be send to group)
Hope someone have it working J
Many thanks,
Lukasz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170214/618f060f/attachment.html>
More information about the cisco-voip
mailing list