Introduction
Cisco provides many services in different form. As an end user, I want to sign on once for all of my Cisco Services. I want to find and manage my contacts from any of my Cisco application and devices, leveraging all possible sources (Corporate Directory, Outlook, Mobile contacts, Facebook, LinkedIn, History) and have them rendered in a common and consistent way which provides me with the information I need to know their availability and how best to contact them.
Singlo Sign On using SAML basically targets at this requirement. Through SAML/SSO we provide the baility to log into multiple devices through a common account and authorization identity called the IDP.
The overall objective of this work is to provide a scalable and standards based Single Sign On mechanism for our Unified Communications products. Single Sign On provides for a better user experience as the user needs to enter their authentication credentials only once for access to different UC services.
In order to create such solution, common Identity Infrastructure could be provided and has been agreed to take up on. As a outcome of this, Common Identity Stack Architecture (CIS) has been proposed and decided to have following functionalities:
o Common Identity/Directory Source
o SAML Base authentication
o SSO via SAML
o OAuth base Authorization
So here is how the flow works when using SAML/SSO with CUCM10.x and ADFS2.0
1. We create an SAML integration between CUCM10.x and ADFS.
2. When you try to log on to the CUCM admin page or user page the request is redirected to the IDP (adfs).
3. The IDP then prompts to enter the credentials for login.
4. Once the credentials are authorized it redirects us back to CUCM.
Prerequisites
In order to configure SAML/SSO with CUCM 10.x and ADFS2.0 as the IDP following are the prerequisites:
- DNS server and DNS enabled in the network.
- LDAP integration of CUCM with an Active Directory server.
- An Active Directory server running Active Directory Federation Service version 2.0 (adfs2.0).
Components Used
- Windows 2008R2 server with Active Directory and domain controller roles.
- Active Directory Federation service version 2.0 on one of the Active Directories within the domain.
- CUCM version 10.x.
- DNS server.
Configure
- Attached with the dosument is a video which talks about configuring SAML/SSO with cucm 10.x and adfs2.0. The first video talks about installation of ADFS on a windows 2008 R2 server with AD. The second video contains the integration steps. ADFS2.0 installation video can be found on the following URL: https://supportforums.cisco.com/video/12155571/cucm-10x-samlsso-adfs20-installation
- Also attached is a small troubleshooting guide to help you find the Claim Rules.
- A configuration guide pdf is attached as well.
- The call manager image used in the video is CUCM 10.0.0.98000-309.
