Re: SAML Authentication for CISCO SBL

karthickvdm · ‎07-26-2023

We are currently working on enabling users to change their first time login password over CISCO SBL. But heard SAML authentication is not possible in CISCO SBL sometimes before. Is there any progress to allow the users using SAML authentication to change their password over CISCO SBL?

Do we have any alternate options for user to change their first time password over SBL?

JP Miranda Z · ‎08-01-2023

Hi karthickvdm,

You are correct, SAML is currently not support with SBL, we already have an enhancement request but there is not an ETA (CSCvm86891) for the support. About alternative options that will depend completely on your setup:

- If you are trying to change the password store in a SAML IDP database, this is not supported/

- If you are using SAML and the user database comes from an AD server you can create a secondary connection profile so the users can authenticate against AD (radius with mschapv2 or ldaps) with password management so the user will change the password during the initial connection through SBL, keep in mind this will connect them to the VPN in the secondary connection profile and a new connection will be required with the connection profile using SAML in order to test the new password.

-JP-

Hope this helps!

yusito · ‎01-19-2025

Hi @JP Miranda Z
Is this still not fixed? Any update on situation?

JP Miranda Z · ‎01-20-2025

Hi @yusito,

The bug is still open which means this is still not supported, as suggested to all customers you can subscribe to the bug so you will be notified when this is fixed.

-JP-

Hope this helps!