How to setup SAML SSO authentication in Expressway C

Yenosh
Level 1

How to set up SAML SSO authentication in Expressway C.

We want Jabber users to log in using SSO. Can anyone please guide us on how to enable it on the Expressways?

SSO is enabled in the CUCM cluster.

10 Replies

This is outlined in the MRA configuration guide. See this link for details on this. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-7/exwy_b_mra-deployment/exwy_m_basic-configuration.html#task_A458A57F311E876761D31B48B30F5AD5

Basically it is these steps.

  1. Export the SAML metadata from your Expressway
  2. Configure a trust in the Identity Provider (IdP)
  3. Import the SAML Metadata from the IdP
  4. Associate Domains with an IdP

Great doc, thank you. Do you have to set up SAML SSO on both nodes in the cluster, please, or just the primary as per CUCM?

This is a cluster wide setting, so you should only do it on the designated master node.

Thank you, is it a cluster-wide setting on UCCX also, please?

Yes.

Yenosh
Level 1

Hi all,

Thanks for sharing the links to good docs. Please have a look at my observations:

1) Export the SAML metadata from the Expressway-C.
2) Import the Expressway file to the Identity Provider (we are not handling the IdP; another team takes care of it, so it needs to be done by the other team).
3) Import the SAML metadata from the IdP and export to Expressway C.
4) In Expressway-C, associate the domain to the Identity Provider.
5) Set authentication path to: SAML SSO authentication/SAML SSO and UCM/LDAP.

Traversal zones are already configured in both E and C.

As SSO is enabled on Call Manager, is it OK to export the SAML metadata file from Call Manager and import it to Expressway C? Or do I need to proceed with exporting the metadata from the Expressway-C, as it contains the hostname of Expressway C?

Your description looks ok.
About CUCM-SSO: This has nothing to do with setting up SSO on Expressways, so you don't need to do anything with CUCM.

Thanks, I will work on it and let you know if it works or not

On your question about CM SSO, there is no part in that setup that has any correlation with the SAML metadata from the Expressway C. CM has its own SAML metadata and its own trust in the IdP. On your second part of that section I’m afraid that I don’t really understand what you’re asking about. Would you please mind to clarify?

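A pre-flight check for the two files exchanged in steps 1 and 3, and for the Call Manager question above, as an added example that is not part of the original thread or of Cisco's documentation. It assumes, as the question suggests, that exported metadata references the host name of the node that produced it; the host names, URLs and certificate text are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
ROLES = (("SP", "SPSSODescriptor", "AssertionConsumerService"),
         ("IdP", "IDPSSODescriptor", "SingleSignOnService"))

def summarize_metadata(xml_text):
    """Return entityID, roles, endpoint URLs and signing-cert count of one metadata file."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a single SAML 2.0 EntityDescriptor")
    info = {"entity_id": root.get("entityID"), "roles": [], "endpoints": [], "signing_certs": 0}
    for role, descriptor, endpoint in ROLES:
        for desc in root.findall("md:" + descriptor, NS):
            info["roles"].append(role)
            info["endpoints"] += [e.get("Location") for e in desc.findall("md:" + endpoint, NS)]
            for kd in desc.findall("md:KeyDescriptor", NS):
                # A KeyDescriptor with no "use" attribute covers signing as well as encryption.
                if kd.get("use") in (None, "signing") and kd.find(".//ds:X509Certificate", NS) is not None:
                    info["signing_certs"] += 1
    return info

def check_handoff(exported_xml, idp_xml, expected_host):
    """List problems with the files exchanged in steps 1 and 3 of the procedure."""
    sp, idp = summarize_metadata(exported_xml), summarize_metadata(idp_xml)
    problems = []
    if "SP" not in sp["roles"]:
        problems.append("exported file has no SPSSODescriptor")
    if expected_host.lower() not in {urlparse(u).hostname for u in sp["endpoints"]}:
        problems.append("exported file's endpoints do not reference " + expected_host)
    if any(urlparse(u).scheme != "https" for u in sp["endpoints"] + idp["endpoints"]):
        problems.append("non-HTTPS endpoint in metadata")
    if "IdP" not in idp["roles"]:
        problems.append("IdP file has no IDPSSODescriptor")
    elif idp["signing_certs"] == 0:
        problems.append("IdP metadata carries no signing certificate")
    return problems

def sample_metadata(host, descriptor, endpoint, cert=True):
    """Build minimal constructed metadata; hosts and certificate text are placeholders."""
    key = ('<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
           'Q09OU1RSVUNURUQ=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://%s/entity">'
            '<md:%s>%s<md:%s Location="https://%s/saml"/></md:%s></md:EntityDescriptor>'
            % (NS["md"], NS["ds"], host, descriptor, key if cert else "", endpoint, host, descriptor))

EXPC_MD = sample_metadata("expc01.example.com", "SPSSODescriptor", "AssertionConsumerService")
CUCM_MD = sample_metadata("cucm01.example.com", "SPSSODescriptor", "AssertionConsumerService")
IDP_MD = sample_metadata("idp.example.com", "IDPSSODescriptor", "SingleSignOnService")
```

`check_handoff(EXPC_MD, IDP_MD, "expc01.example.com")` returns an empty list, while passing `CUCM_MD` as the exported file reports that its endpoints belong to a different node.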