Solved: ISE and ADFS Dot1x saml assertion support

maufuent · ‎12-14-2017

We have a client whom authenticate WiFi clients using AD credentials. This is, WLC pointing to ISE as a radius Server, and the latter is looking up in the AD Tree.

They are moving all their services to SSO authentication using ADFS, and they are asking us to integrate ISE (version 2.2x) with it.

I understand there is ISE Guest/Sponsor Portal integration with at least Ping Federate and ADFS as SAML servers, and I have documentation about it. But I don’t know if the same process is possible with plain 802.1x, and replacing the Identity source from AD to SAML.

Besides, which are the attributes we need to pass from their ADFS server to ISE?

Is there documentation about this? I am looking for it, but I can’t found anything.

Cisco Partner Help says it is possible at first, citing Microsoft information, but is very light.

thanks in advanced

Mauricio

Jason Kunst · ‎12-14-2017

I Just conversed with our sme hslai she said you need to reach out to our product manager For authentication sources surasky and asked for the feature support

View solution in original post

Jason Kunst · ‎12-14-2017

What is the flow you’re expecting?

Saml sso stores tokens for web browser logins, if you access one portal then the other portals should use same token so you only have to log into one portal and the rest are automatic

Are you asking once you login via Dot1x that a saml assertion will be created for the portals so you don’t have to login to them?

Jason Kunst · ‎12-14-2017

I Just conversed with our sme hslai she said you need to reach out to our product manager For authentication sources surasky and asked for the feature support