[cisco-voip] Expressway MRA and SSO

nimloth at nimloth.pl nimloth at nimloth.pl
Tue Feb 14 12:47:26 EST 2017


Dear Group,

 

I'm trying to enable SSO for an Expressway MRA setup based on this
documentation:

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-9.pdf

 

For the IdP we're using AD FS 3.0, and what I'm really interested in is the
part on page 43 (Active Directory Federation Services 2.0) - unfortunately no
success so far.

 

So here are my questions:

1) Does anyone have a working solution with AD FS?

2) Does it require the same Custom Rules as for CUCM?

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
   Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value,
   ValueType = c.ValueType,
   Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
   Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://<FQDN of ADFS>/com/adfs/services/trust",
   Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "<FQDN of CUCM>");

 

Screenshots from a working setup (AD FS rules) would be nice (can be private
if they can't be sent to the group)

 

Hope someone has it working :)

 

Many thanks,

Lukasz
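
Added example, not part of the original post: an offline check that a captured SAML assertion carries the NameID attributes the claim rule above sets (the format, namequalifier and spnamequalifier properties become the Format, NameQualifier and SPNameQualifier attributes). The function name, host names and sample assertion are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample fragment; *.example.test hosts are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                 NameQualifier="http://adfs.example.test/com/adfs/services/trust"
                 SPNameQualifier="cucm.example.test">EXAMPLE\\jdoe</saml:NameID>
  </saml:Subject>
</saml:Assertion>
"""


# Troubleshooting aid only: it does not verify the signature, so it must not
# be used to make an authentication decision. Feed it assertions you captured
# yourself, not untrusted XML.
def check_name_id(assertion_xml, idp_qualifier, sp_qualifier):
    """Return a list of mismatches between the NameID and the rule's values."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    if name_id is None:
        return ["no NameID in Subject (the rule did not issue a nameidentifier)"]
    expected = {
        "Format": TRANSIENT,
        "NameQualifier": idp_qualifier,
        "SPNameQualifier": sp_qualifier,
    }
    problems = []
    for attr, want in expected.items():
        got = name_id.get(attr)
        if got != want:
            problems.append(f"{attr}: expected {want!r}, got {got!r}")
    if not (name_id.text or "").strip():
        problems.append("NameID value is empty")
    return problems


if __name__ == "__main__":
    idp = "http://adfs.example.test/com/adfs/services/trust"
    print(check_name_id(SAMPLE_ASSERTION, idp, "cucm.example.test"))
```

Running it against the assertion issued to each relying party shows whether the spnamequalifier value in that party's rule matches the name it was given.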
