Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3319
Views
0
Helpful
6
Replies

CRES and SAML

johnsmith1000
Level 1
Level 1

‎05-25-2013 03:49 AM

The CRES Admin Guide (v4.1), on page 2-28, while describing SAML configuration, it refers to the following Identity Providers:

Web Security Appliance

PingFederate

Are these the only two supported IDP's or any SAML 2.0 IDP is supported? Well, the doc actually states "PingFederate equivalents". I'm just double checking the support level.

If there are folks out there who have used CRES with SAML, could you provide comments on your experience? Are things working reasonably smooth with SAML?

Thanks.

Labels:
0 Helpful
6 Replies 6

Alvaro J Gordon-Escobar
Cisco Employee
Cisco Employee

‎05-25-2013 06:04 AM

Hello John,

While the CRES's implemention of SAML should work with various providers, CRES is only supported to work with the two that have been certified by the QA team.   However,  CS will work with customers, if they are trying to use a  different

Identity Provider than those supported.  If the Identity Provider fails to work, defects and feature requests can be filed to expand and enhance CRES's SAML implemention. 

"CRES should work with most SAML 2.0 identity providers. However, it is certified to work only with the

Cisco IronPort Web Security Appliance and PingFederate."

Regards,

-Alvaro

0 Helpful

johnsmith1000
Level 1
Level 1
In response to Alvaro J Gordon-Escobar

‎05-25-2013 11:47 AM

Thanks Alvaro. That makes sense.

My primary concern was if ADFS 2.0 (in SAML2.0 mode) is supported for CRES. From your response, I assume it should work.

If there is anyone out there who has actually used CRES with ADFS 2.0, would be great if you could share your experience.

Thanks.

0 Helpful

Jason Meyer
Level 1
Level 1
In response to johnsmith1000

‎06-25-2013 12:00 PM

We haven't done it but are planning on doing, so subscribing to this conversatoin.

0 Helpful

johnsmith1000
Level 1
Level 1
In response to Jason Meyer

‎06-28-2013 07:13 PM

Could you share which SAML IDP you are planning to use?

Regards,

Sent from Cisco Technical Support iPad App

0 Helpful

Jason Meyer
Level 1
Level 1
In response to johnsmith1000

‎07-10-2013 11:39 AM

We plan on using Microsoft ADFS.

0 Helpful

trbergill99
Level 1
Level 1
In response to Jason Meyer

‎07-17-2013 12:43 AM

Hi

We are planning to use Microsoft ADFS as IdP as well.

Do anyone have a sample of a SAML Respons that the CRES web site accept?

What information is needed in the respons?

I think the trick is to get the claims in ADFS defined correctly, and it may not be straight forward.

Regards

TB

0 Helpful
Top