This is a lab configuration guide that was used for setup of ISE 2.1 with PingFederate for Guest and SAML SSO. It has most of what is needed to get your portal up and running with Ping (except for the authz rules). Its a sample guide to use and help you out.
ISE 2.1 Enhancements being showcased in this guide:
New SAML Server support —Cisco ISE end-user web portals now support PingIdentity (Cloud), PingFederate (CPE), Azure Active Directory, SecureAuth, and servers running generic SAML 2.0.
Single portal for credentialed and SAML SSO login —The login portal can be configured to provide the option to log in with credentials, or to click a link that redirects the user to an SSO portal page. The link that the user clicks to redirect to an SSO provider can be customized.
Sponsor Approval Filtering —A sponsor can be limited to approving accounts based on the sponsor’s email address, or all pending accounts. Currently this feature is supported only for internal sponsors and SAML SSO sponsors.
The guide shows the following configurations:
ISE configuration of Guest & Sponsor Portal as Service Providers
PingFederate configuration as an iDP
ISE 2.1 integration of Guest and Sponsor Portals SAML SSO with PingFederate
Single Guest Portal
Self-registration with Sponsor Approval
Employee logins via SSO
Employee logins via SSO
Pending Accounts list filtered based on Sponsors email address (via SAML)
Hello,we use an FMC (vmware Version 188.8.131.52).I've noticed that sda7 (/var) has consistently high read rates. Between 250 and 300 MB/s. Is that normal? Which process is responsible for this and how can I determine which process it is?Thanks for the helpRon...
Hi. I'm the network admin for my organization and we've been having some security issues on our network recently so I'm trying to investigate using wireshark. But my issue is that wireshark only captures packets that come to my device's network inter...
Cisco Router 2911, there are two problems:1. SSL from outside not working. From outside I mean to access router on WAN Port from my home. 2. Ping Router WAN Port from outside i.e. from my home. Complete configuration is as follows, please ...
Hello Guys, I am using cisco 2802 AP as WLC and using ISE for AAA. Clients should be authenticate by using EAP-TLS. I am getting these errors: 5411 Supplicant stopped responding to ISE 12931 Supplicant stopped responding to ISE af...
Hi, my Customer has some strange behaviors on his Switches with some clients.First the config (Closed Mode): aaa group server radius ISE
server name cisco-nac01
server name cisco-nac02
aaa authentication dot1x default group ISE