WebEx SSO with ADFS 2.0 - External Connection fails

CHRIS KALETH
Level 5

We have successfully configured SSO with WebEx and our ADFS 2.0 environment but it only works when we are in the office or connected to VPN.  When I click "host login" outside of our network I get the following error: Error: Reason:  Invalid SAML Assertion (13).  Thoughts?

Accepted Solutions

kinglewi
Cisco Employee

Hello,

The following support knowledge base article will have more information on this issue.  http://kb.webex.com/WBX54373.

The error indicates you may have the incorrect AuthnContextClassRef, which can be different if going through a proxy or if the account is external. To work around this problem, WebEx will allow you to set multiple AuthnContextClassRefs on the WebEx site admin page that are separated by a semicolon. It would look something like this:

urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:Password

If you do not know what the value is for external users, I would try the above suggestion first.

You can also try the following AuthnContextClassRef values:

urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos

If it still fails then we will need to see the assertion for one of the outside connections which is failing with the error 13.

Perfect!  That did the trick.

Previous Config:  urn:federation:authentication:windows

New Config: urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
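
A diagnostic check for the mismatch resolved in this thread, as an added example (not code from the posters, Cisco or Microsoft): it decodes a base64 SAMLResponse, extracts each AuthnContextClassRef, and compares it with the semicolon-separated site admin value. The sample responses are constructed, exact string matching on the WebEx side is an assumption, and all function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace, in ElementTree's {uri}tag form.
CLASS_REF_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}AuthnContextClassRef"

# The two site admin values quoted in the thread.
PREVIOUS_CONFIG = "urn:federation:authentication:windows"
NEW_CONFIG = ("urn:federation:authentication:windows;"
              "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")

def accepted_classes(setting):
    """Split the semicolon-separated setting into a set of class URIs."""
    return {part.strip() for part in setting.split(";") if part.strip()}

def authn_context_refs(saml_response_b64):
    """Return every AuthnContextClassRef in a base64 SAMLResponse form field.

    Troubleshooting aid only: no signature or condition checks are done, and
    an encrypted assertion yields an empty list because the element is hidden.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return [el.text.strip() for el in root.iter(CLASS_REF_TAG) if el.text]

def check(saml_response_b64, setting):
    """Report which asserted classes are absent from the configured list."""
    allowed = accepted_classes(setting)
    refs = authn_context_refs(saml_response_b64)
    unmatched = [ref for ref in refs if ref not in allowed]
    return {"refs": refs, "unmatched": unmatched,
            "ok": bool(refs) and not unmatched}

def make_sample_response(class_ref):
    """Build a constructed, unsigned SAMLResponse carrying one class ref."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>'
           + class_ref +
           '</saml:AuthnContextClassRef></saml:AuthnContext>'
           '</saml:AuthnStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    # Assumption: the external login asserts PasswordProtectedTransport,
    # inferred from the value that fixed the problem in the thread.
    external = make_sample_response(
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
    for label, setting in (("previous", PREVIOUS_CONFIG), ("new", NEW_CONFIG)):
        print(label, check(external, setting))
```

To use it on a real failure, pass the SAMLResponse form field captured from an outside login to `check()` together with the current site admin value; any URI listed under `unmatched` is a candidate to append to the setting.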