cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

405
Views
0
Helpful
2
Replies
Highlighted
Beginner

ISE and ADFS Dot1x saml assertion support

We have a client whom authenticate WiFi clients using AD credentials. This is, WLC pointing to ISE as a radius Server, and the latter is looking up in the AD Tree.

They are moving all their services to SSO authentication using ADFS, and they are asking us to integrate ISE (version 2.2x) with it.

I understand there is ISE Guest/Sponsor Portal integration with at least Ping Federate and ADFS as SAML servers, and I have documentation about it. But I don’t know if the same process is possible with plain 802.1x, and replacing the Identity source from AD to SAML.

Besides, which are the attributes we need to pass from their ADFS server to ISE?

Is there documentation about this? I am looking for it, but I can’t found anything.

Cisco Partner Help says it is possible at first, citing Microsoft information, but is very light.

thanks in advanced

Mauricio

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE and ADFS

I Just conversed with our sme hslai  she said you need to reach out to our product manager For authentication sources surasky and asked for the feature support

2 REPLIES 2
Cisco Employee

Re: ISE and ADFS

What is the flow you’re expecting?

Saml sso stores tokens for web browser logins, if you access one portal then the other portals should use same token so you only have to log into one portal and the rest are automatic

Are you asking once you login via Dot1x that a saml assertion will be created for the portals so you don’t have to login to them?

Cisco Employee

Re: ISE and ADFS

I Just conversed with our sme hslai  she said you need to reach out to our product manager For authentication sources surasky and asked for the feature support