02-16-2016 11:29 PM
My company has developed an integration with WebEx Training Center. Currently we require users to provide their WebEx username and password, which we then include in each API call.
This does not work for WebEx sites that are configured to use SAML single sign-on, however.
We're investigating the possibility of supporting WebEx with SAML, and we have the below technical questions.
- Audience required?
- NotBefore and/or NotOnOrAfter conditions required?
- IssueInstant and/or AuthnInstant?
- NameID (or other attribute) match the supplied webExID?

Thanks in advance for any and all help!
02-18-2016 10:17 PM
What do I need to do to get moderator approval? This was posted 2 days ago!
02-25-2016 12:55 PM
Hi Robert,
Apologies for the delay. For some reason, your original post did not send a notification and it doesn't show up on the forum. Posts don't normally need a moderator to approve them, so we'll look into what's going on with this post. We did get a notification for your comment on it, so we can see it now.
OAuth is specific to Common Identity (SparkMeet) sites, though you can get one time use login tickets for standard WebEx sites. I've included links to authentication specific calls in our documentation:
getSiteType will tell you if a site is Common Identity or otherwise: Cisco DevNet: WebEx Conferencing - XML API - Release Notes
Audience is required for SP initiated. The "WebEx SAML Issuer (SP ID)" field in WebEx Site Admin must match the audience in the assertion exactly.
For IdP Initiated, the "Issuer for SAML (IdP ID)" field in WebEx Site Admin must match the issuer in the assertion exactly.
NotBefore and NotOnOrAfter are required.
IdMS should manage IssueInstant/AuthnInstant, but we do check those values.
The Assertion must be signed.
NameID can be username or email.
NameID Format: format of the NameID (username) specified in customer IdMS. If the value in WebEx is set to Unspecified, we would not check the Format in NameID and will accept all formats. However, if it's set to anything other than Unspecified, the Format attribute in <NameID> has to match the values below.
NameID Formats

Name | Value
---|---
Unspecified | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Email address | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress or http://schemas.xmlsoap.org/claims/EmailAddress
X509 Subject Name | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
Entity Identifier | urn:oasis:names:tc:SAML:2.0:nameid-format:entity
Persistent Identifier | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
Kasey