cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
173
Views
0
Helpful
1
Replies

SAML configuration for ISE, can SSO Binding URL/Port be changed?

afrazer
Level 1
Level 1

Hi, 

I have and an environment with Microsoft Entra ID, providing SAML/SSO for administration access to ISE.     Internally this works, and administrators are able to login using their Entra Creds.

I also have Zscaler, and use the Client Portal to provide web based access to a variety of things for 3rd partys/contractors.  The Zscaler Client portal, only listens on port 443, and 80.     It can redirect traffic to to other ports internally.   However to do so, i'd need to be able to change the URL of the SSO binding.         

my ise server's host name is akl-01.radius.XXX.cloud and it reponds on 443 as expected.  The configuration provides this location for the SAML assertion.    You can see the base URL is the same.  and that is where i get unstuck. 

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://akl-01.radius.XXXXX.cloud:8443/portal/SSOLoginResponse.action" index="0"/>

Is it possible for me to set up a different Host name for the assertion?       something like   akl-01.saml4radius.XXXX.cloud ?
If i coudl do this, it would allow me to do some redirections..  








1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

The Assertion is bound to the portal and the respective interface. The only way I can think of that might work would be to enable a second interface on ISE, create a static host entry for that interface, and move the Portal to use that interface.