Solved: Re: How to setup SAML SSO authentication in Expressway C

Yenosh · ‎11-24-2022

How to setup SAML SSO authentication in Expressway C.

We want jabber users to login using SSO , can any one please guide how to enable it on expresscways

SSO enabled in CUCM cluster

Roger Kallberg · ‎11-24-2022

This is outlined in the MRA configuration guide. See this link for details on this. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-7/exwy_b_mra-deployment/exwy_m_basic-configuration.html#task_A458A57F311E876761D31B48B30F5AD5

Basically it is these steps.

Export the SAML metadata from your Expressway
Configure a trust in the Identity Provider (IdP)
Import the SAML Metadata from the IdP
Associate Domains with an IdP

View solution in original post

Yenosh · ‎12-01-2022

Hi all,

Thank for sharing the links to good docs, Please have a look on my obeservation

1) Export the SAML Metadata from the Expressway-C
2) import expressway file to Identity Provider( We are not handling IDP other team taking care of it, as it needs to be done by other tea,)
3) Import the SAML Metadata from the IdP and export to Expressway C
4) In Expressway-C, associate the domain to the Identity Provider.
5) Setauthetication path to :SAML SSO authentication/SAML SSO and UCM/LDAP.

Traversal zones are already configured inboth E and C.

As SSO enabled on call manager , so is it ok export SAML meta data file from call manager and import to Expressway C? or do I need to proceed with export the Metadata from the Expressway-C as it contains hostname of Expressway C.

View solution in original post

Roger Kallberg · ‎11-24-2022

This is outlined in the MRA configuration guide. See this link for details on this. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-7/exwy_b_mra-deployment/exwy_m_basic-configuration.html#task_A458A57F311E876761D31B48B30F5AD5

Basically it is these steps.

Export the SAML metadata from your Expressway
Configure a trust in the Identity Provider (IdP)
Import the SAML Metadata from the IdP
Associate Domains with an IdP

SteveH1 · ‎02-24-2023

Great doc, thankyou. Do you have to set up SAML SSO on both nodes in the cluster, please or just primary as per CUCM?

Roger Kallberg · ‎02-24-2023

This is a cluster wide setting, so you should only do it on the designated master node.

SteveH1 · ‎02-24-2023

Thankyou , is it a cluster wide setting on UCCX also , please ?

Roger Kallberg · ‎02-24-2023

Yes.

b.winter · ‎11-25-2022

Additionally to what @Roger Kallberg post:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/12_5_1/cucm_b_saml-sso-deployment-guide-12_5/cucm_m_saml-sso-configuration-1251.html

Yenosh · ‎12-01-2022

Hi all,

Thank for sharing the links to good docs, Please have a look on my obeservation

1) Export the SAML Metadata from the Expressway-C
2) import expressway file to Identity Provider( We are not handling IDP other team taking care of it, as it needs to be done by other tea,)
3) Import the SAML Metadata from the IdP and export to Expressway C
4) In Expressway-C, associate the domain to the Identity Provider.
5) Setauthetication path to :SAML SSO authentication/SAML SSO and UCM/LDAP.

Traversal zones are already configured inboth E and C.

As SSO enabled on call manager , so is it ok export SAML meta data file from call manager and import to Expressway C? or do I need to proceed with export the Metadata from the Expressway-C as it contains hostname of Expressway C.

b.winter · ‎12-01-2022

Your description looks ok.
About CUCM-SSO: This has nothing to do with setting up SSO on Expressways, so you don't need to do anything with CUCM.

Yenosh · ‎12-01-2022

Thanks, I will work on it and let you know if it works or not

Roger Kallberg · ‎12-01-2022

On your question about CM SSO, there is no part in that setup that has any correlation with the SAML metadata from the Expressway C. CM has its own SAML metadata and its own trust in the IdP. On your second part of that section I’m afraid that I don’t really understand what you’re asking about. Would you please mind to clarify?