
ISE 2.1 SAML Integration problem with Azure

Hi experts,

I'm currently having a problem when enabling SAML authentication with Azure on the Sponsor Portal.

The issue is that the employee is not able to see his sponsor pending accounts.

After debugging, I found that the attribute that we are using is: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name . However, this claim is returning the email with the following format: John.Smith@company.com. If the guest goes to the self-registration portal and types the email in the same format as above (matching the uppercase letters), the sponsor account is able to see the pending account. However, if the guest types the email in lower case format, it doesn't work.

I've tried other claims, but from the logs there's no response from those attributes:

"claims used"

2017-04-24 16:47:16,186 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn>

2017-04-24 16:47:16,186 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name>

2017-04-24 16:47:16,186 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://docs.oasis-open.org/imi/ns/token/saml2/200908/emailaddress>

2017-04-24 16:47:16,186 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress>

2017-04-24 16:47:16,186 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/windowsaccountname>

"result"

2017-04-24 16:47:16,187 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.emailaddress>, not recieved in response, caching with default value=<>

2017-04-24 16:47:16,187 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.email>, not recieved in response, caching with default value=<>

2017-04-24 16:47:16,187 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.upn>, not recieved in response, caching with default value=<>

2017-04-24 16:47:16,187 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.windowsaccountname>, not recieved in response, caching with default value=<>

2017-04-24 16:47:16,187 DEBUG  [http-bio-10.156.92.142-8443-exec-11][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [storeAttributesSessionData] idStore=<Azure> userName=John.Smith@company.com>

Any ideas of any other claims I can use? Or how to change the email format?

Accepted Solutions
Cisco Employee

Re: ISE 2.1 SAML Integration problem with Azure

Is Patch 2 or above applied? This seems the same as CSCvb14848.
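
The following is an added troubleshooting example, not part of the original posts and not Cisco code: it summarizes the SAMLAttributesParser debug lines shown in the question and checks whether a guest-typed sponsor email differs from the SAML userName only by letter case. The function names are hypothetical, and the sample lines are copied from the question with the thread name shortened.

```python
import re

# Sample lines copied from the debug output in the question (thread name shortened).
SAMPLE_LOG = """\
2017-04-24 16:47:16,186 DEBUG  [exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name>
2017-04-24 16:47:16,187 DEBUG  [exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.emailaddress>, not recieved in response, caching with default value=<>
2017-04-24 16:47:16,187 DEBUG  [exec-11][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] attributeName=<Azure.upn>, not recieved in response, caching with default value=<>
2017-04-24 16:47:16,187 DEBUG  [exec-11][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [storeAttributesSessionData] idStore=<Azure> userName=John.Smith@company.com>
"""

# Patterns follow the log text exactly, including the "recieved" spelling it uses.
DICT_RE = re.compile(r"\[SAMLAttributesParser:readDict\]: read Dict attribute=<([^>]+)>")
MISSING_RE = re.compile(r"\[parseAttributes\] attributeName=<([^>]+)>, not recieved in response")
# The userName field in the question has no opening "<", so it is optional here.
USER_RE = re.compile(r"\[storeAttributesSessionData\] idStore=<([^>]*)> userName=<?([^>\s]+)>?")


def summarize_saml_debug(log_text):
    """Collect dictionary claims, attributes absent from the response, and the stored userName."""
    summary = {"dictionary": [], "missing": [], "id_store": None, "username": None}
    for line in log_text.splitlines():
        if m := DICT_RE.search(line):
            summary["dictionary"].append(m.group(1))
        elif m := MISSING_RE.search(line):
            summary["missing"].append(m.group(1))
        elif m := USER_RE.search(line):
            summary["id_store"], summary["username"] = m.group(1), m.group(2)
    return summary


def compare_identity(saml_username, guest_entered):
    """Classify how the guest-typed sponsor email relates to the SAML userName."""
    a, b = saml_username.strip(), guest_entered.strip()
    if a == b:
        return "exact"
    if a.casefold() == b.casefold():
        return "case-only"  # the symptom described in the question
    return "different"


if __name__ == "__main__":
    s = summarize_saml_debug(SAMPLE_LOG)
    print("configured but missing from response:", s["missing"])
    for typed in ("John.Smith@company.com", "john.smith@company.com"):
        print(typed, "->", compare_identity(s["username"], typed))
```
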
