Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
561
Views
0
Helpful
0
Replies

ISE CWA with Google SAML

cgn_ops_noc
Level 1
Level 1

‎12-01-2021 09:00 AM - edited ‎12-01-2021 09:34 AM

Hi

I'm trying to set up Google SAML for alternative source for wired 802.1x authorization ( via CWA). Everything works fine on test portal and allows me to sign-in. But when I try to sign-in from work device, Google portal doesn't appear - I can see only "Validate access rights" label.

I've used this guide https://community.cisco.com/t5/security-documents/google-suite-guest-sso-single-sign-on-with-ise-via-saml-for/ta-p/3643930  to set Google SAML app - but it's for WLC  ( I use Cisco Catalyst switch instead).

 

There is important moment in guide - during ACL_WEBAUTH_REDIRECT setting, author has chosen 'Add-Remove URL' button and added a few google URLs:

Screenshot from 2021-12-01 18-56-04.png

I assume that's the key, but how can I make this in Catalyst? 
Here is my current redirection rule:

Extended IP access list ACL_WEBAUTH_REDIRECT
    10 deny udp any any eq domain
    20 deny ip any host &ISE_IP&
    30 permit tcp any any eq www (10083 matches)


Thanks in advance for your advice!

 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card