Firepower Management Center - SAML Active Directory Federated Services

Dpjmie
Level 1

Hi All,

We have configured FMC to use SAML, but once we test the configuration, we get the following error:

Error 403

urn:oasis:names:tc:SAML:2.0:status:Requester

I am not sure what claims need to be passed from Active Directory to the FMC. I have tried to use the claims listed below (only in-house Active Directory, rather than Azure) and still receive the same error: FMC Azure AD Claims

Any pointers anyone has on this are greatly appreciated.

Thanks
D

1 Reply

pglave
Cisco Employee

Hi Dpjmie,

This is Pier, from the Cisco CX (Customer Experience) team.

I’d like to support you with this issue.

I tried following the steps indicated in https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/216515-configure-fmc-sso-with-azure-as-identity.html with my FMC, and I was able to log in with my Azure AD user.

Let me try to suggest some steps for you: please let me know if you’re able to reproduce the same result.

  1. As a first step, I’d suggest you follow just the first half of the documentation page: please stop before the “Advanced Configuration – RBAC with Azure”.
     In fact, the section on RBAC is needed if you want to associate different FMC “roles” to your users.
     But, in order to test a basic SAML login, skipping this section is fine.

  2. Please make sure that you have added your user to your Azure application.
     Indeed, in my first tests I hadn’t done that, and I was getting a “403” error like yourself.
     To add the users to your Azure application, the place is the “Users and groups” menu in the Azure portal, like in this screenshot:

[Screenshot: Picture 1.png]

Please let me know if this helps.

Best regards.
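The value urn:oasis:names:tc:SAML:2.0:status:Requester quoted in the question is a SAML StatusCode carried inside a samlp:Response. The helper below is an added example, not code from this thread or from Cisco: it decodes a base64 SAMLResponse as captured from the browser's POST to the FMC, walks the nested StatusCode chain (top-level plus the optional second-level reason), and lists any plaintext attribute (claim) names, which is the quickest way to see what the IdP actually sent before guessing at claim rules. The sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Meaning of the top-level codes, per SAML 2.0 Core section 3.2.2.2.
TOP_LEVEL_MEANING = {
    "Success": "request succeeded; if login still fails, check the assertion's attributes",
    "Requester": "error on the part of the requester (the SP, here the FMC)",
    "Responder": "error on the part of the responder (the IdP)",
    "VersionMismatch": "the IdP does not support the SAML version in the request",
}


def parse_saml_response(saml_response_b64):
    """Decode a base64 SAMLResponse (HTTP-POST binding value) and return its
    status code chain, status message and any plaintext assertion attributes."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find(SAMLP + "Status")
    if status is None:
        raise ValueError("no samlp:Status element in the response")
    # StatusCode elements nest: the outer one is the top-level code, an
    # optional inner one is the second-level code with the specific reason.
    codes, node = [], status.find(SAMLP + "StatusCode")
    while node is not None:
        codes.append(node.get("Value", "").replace(STATUS_PREFIX, ""))
        node = node.find(SAMLP + "StatusCode")
    msg = status.find(SAMLP + "StatusMessage")
    return {
        "codes": codes,
        "message": (msg.text or "").strip() if msg is not None else "",
        "meaning": TOP_LEVEL_MEANING.get(codes[0], "unknown code") if codes else "",
        # Attribute (claim) names are only visible if the assertion is not encrypted.
        "attributes": [a.get("Name") for a in root.iter(SAML + "Attribute")],
    }


# Constructed sample carrying the status code quoted in the question above.
SAMPLE_FAILURE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_constructed" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>
    </samlp:StatusCode>
    <samlp:StatusMessage>constructed sample message</samlp:StatusMessage>
  </samlp:Status>
</samlp:Response>"""
SAMPLE_FAILURE_B64 = base64.b64encode(SAMPLE_FAILURE_XML).decode()
```

Feed it the SAMLResponse form field from the browser's developer tools (network tab, the POST to the FMC's assertion consumer URL); a Success code with an empty attribute list usually means the assertion is encrypted or carries no AttributeStatement at all.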