https://community.cisco.com/t5/collaboration-applications/webex-meeting-sso-existing-usernames-in-different-formats/m-p/2571733#M2909 <P>Hi Teemu,</P><P>&nbsp;</P><P>Please review CWMS Singe Sign-On Planning Guide where all the details about CWMS SSO is documented.&nbsp;<A href="http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_01001.html#reference_9C2B22F088AC419490ABA90B446C1C8D">http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_01001.html#reference_9C2B22F088AC419490ABA90B446C1C8D</A></P><P>For NameID mapping, you will see that CWMS requires e-mail address mapping:&nbsp;</P><P>&nbsp;</P><UL style="color: rgb(0, 0, 0); font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 14.3999996185303px;"><LI style="margin-top: 0.5em; margin-bottom: 0.5em; line-height: 1.2em;"><P style="font-size: 1em; margin-top: 0.5em; margin-bottom: 0.5em; line-height: 1.2em;">It is mandatory for the SAML Assertion to carry the email address in the NameID field. Without this step, user authentication and account creation fail because Cisco WebEx Meetings Server does not permit the creation of user accounts without an associated email address.</P></LI></UL><P>&nbsp;</P><P>If you by any chance use something else and not e-mail address, CWMS might let you create the account, but you might most likely experience issues with Productivity Tools authentication and other issues. We've seen this happening in the field and there was&nbsp;a defect submitted that was resolved in 2.5 MR1 that will prevent account creation if NameID isn't e-mail address: "<STRONG>CSCus04261 </STRONG>SSO allows for NameID to be content besides email address"</P><P>I hope this helps.</P><P>-Dejan</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 09 Jan 2015 13:26:02 GMT dpetrovi 2015-01-09T13:26:02Z https://community.cisco.com/t5/collaboration-applications/webex-meeting-sso-existing-usernames-in-different-formats/m-p/2571732#M2908 <P>Hello,</P><P>&nbsp;</P><P>we currently have a Webex Meeting site with local authentication (i.e. no single sign-on). On the site there are existing usernames in two different formats: "John Doe" and "jane.doe@domain.tld".</P><P>&nbsp;</P><P>We'd now like to set&nbsp;up single-sign on. I can successfully set up SSO on a test site&nbsp;using MS ADFS 2.0 so that either "John Doe" or "jane.doe@domain.tld" can log in. This is done in ADFS claim rules by mapping either Display-Name or&nbsp;E-Mail-Addresses to&nbsp;Name ID.</P><P>&nbsp;</P><P>Is there any way to make this work for both formats of usernames simultaneously? I have tried creating two mappings to the claim rule (both E-Mail-Addresses and Display-Name mapped to Name ID)&nbsp;and&nbsp;and two different claim rules but both seem to break SSO altogether.</P><P>&nbsp;</P><P>-Teemu</P> Sun, 17 Mar 2019 23:47:34 GMT https://community.cisco.com/t5/collaboration-applications/webex-meeting-sso-existing-usernames-in-different-formats/m-p/2571732#M2908 Teemu Pulliainen 2019-03-17T23:47:34Z https://community.cisco.com/t5/collaboration-applications/webex-meeting-sso-existing-usernames-in-different-formats/m-p/2571733#M2909 <P>Hi Teemu,</P><P>&nbsp;</P><P>Please review CWMS Singe Sign-On Planning Guide where all the details about CWMS SSO is documented.&nbsp;<A href="http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_01001.html#reference_9C2B22F088AC419490ABA90B446C1C8D">http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_01001.html#reference_9C2B22F088AC419490ABA90B446C1C8D</A></P><P>For NameID mapping, you will see that CWMS requires e-mail address mapping:&nbsp;</P><P>&nbsp;</P><UL style="color: rgb(0, 0, 0); font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 14.3999996185303px;"><LI style="margin-top: 0.5em; margin-bottom: 0.5em; line-height: 1.2em;"><P style="font-size: 1em; margin-top: 0.5em; margin-bottom: 0.5em; line-height: 1.2em;">It is mandatory for the SAML Assertion to carry the email address in the NameID field. Without this step, user authentication and account creation fail because Cisco WebEx Meetings Server does not permit the creation of user accounts without an associated email address.</P></LI></UL><P>&nbsp;</P><P>If you by any chance use something else and not e-mail address, CWMS might let you create the account, but you might most likely experience issues with Productivity Tools authentication and other issues. We've seen this happening in the field and there was&nbsp;a defect submitted that was resolved in 2.5 MR1 that will prevent account creation if NameID isn't e-mail address: "<STRONG>CSCus04261 </STRONG>SSO allows for NameID to be content besides email address"</P><P>I hope this helps.</P><P>-Dejan</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 09 Jan 2015 13:26:02 GMT https://community.cisco.com/t5/collaboration-applications/webex-meeting-sso-existing-usernames-in-different-formats/m-p/2571733#M2909 dpetrovi 2015-01-09T13:26:02Z https://community.cisco.com/t5/collaboration-applications/webex-meeting-sso-existing-usernames-in-different-formats/m-p/2571734#M2910 <P>&gt;&nbsp;<SPAN style="font-size: 14px; line-height: 17.2799987792969px; background-color: rgb(249, 249, 249);">It is mandatory for the SAML Assertion to carry the email address in the NameID field.</SPAN></P><P><SPAN style="font-size: 14px; line-height: 17.2799987792969px; background-color: rgb(249, 249, 249);">So if I get this right, I don't really have any other option than changing the "John Doe" usernames&nbsp;to the email format (or letting auto-account-creation create new accounts for them).&nbsp;</SPAN></P><P><SPAN style="font-size: 14px; line-height: 17.2799987792969px; background-color: rgb(249, 249, 249);">Thank&nbsp;you&nbsp;for the response.</SPAN></P> Fri, 09 Jan 2015 13:54:29 GMT https://community.cisco.com/t5/collaboration-applications/webex-meeting-sso-existing-usernames-in-different-formats/m-p/2571734#M2910 Teemu Pulliainen 2015-01-09T13:54:29Z