Solved: CA Siteminder SSO integration with ISE sponsor portal

scott.balek · ‎12-13-2016

I am trying get my guest sponsor portal in ISE to use SSO with CA Siteminder (aka CA Single Sign-On). I know that CA Siteminder isn't on the official list of the six SSO products that have been tested to work with ISE, but it is SAML v2 compliant and in theory should work.

We are having some issues getting the integration to work, likely due to some issues with the attribute information being passed back and forth. So far no luck though.

We are running ISE 2.1 with the most recent patches.

hslai · ‎12-13-2016

I would suggest to open a TAC case as we would need the debug logs from your deployment and see how the IdP is configured in ISE.

If you have multiple PSNs, please simplify the initial testing and debugging to one of them.

ISE Admin web UI > Administration > System > Logging > Debug Log Configuration, select the PSN in testing, and change the logging level for the following:

guestaccess DEBUG

portal-web-action DEBUG

saml TRACE

Re-run the scenario and note the time of the run. Then, download ise-psc.log and guest.log.

View solution in original post

hslai · ‎12-13-2016