Solved: Re: Single sign-on (SSO), Active Directory (AD), Cisco Wireless Contro

Mahadi Hasan · ‎03-14-2023

What is the exact process of single sign-on (SSO) using Active Directory (AD) for Cisco wireless controller 9800 (WLC)?

Rich R · ‎03-15-2023

The WLC just uses the configured authentication service to authenticate the user.

Single sign-on is a generic umbrella term for using a single central source of identity/authentication (eg AD) for multiple different services consumed by users so that's entirely up to you - nothing to do with the WLC.

Using LDAP to authenticate WiFi users to AD is an example of implementing a single sign-on solution because you're using a single userid to authenticate Windows and WiFi users.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

View solution in original post

Sandeep Choudhary · ‎03-15-2023

Do you have RADIUS or TACACS server like Cisco ISE, if yes then follow this posts:

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214490-configure-radius-and-tacacs-for-gui-and.html

Regards

Dont forget to rate helpful posts

Mahadi Hasan · ‎03-15-2023

Thank you for your response! It was really very helpful .You asked if we have RADIUS or TACACS server. But unfortunately we have none of them. In this project we have microsoft active directory already in the production and our plan is to integrating WLC 9800 with that active directory with Single Sing-on service.I think LDAP is also needed here. can you please share more info about this ?

marce1000 · ‎03-15-2023

- FYI : https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/216744-configuring-catalyst-9800-wlc-with-ldap.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Mahadi Hasan · ‎03-15-2023

Thank you for your wonderful response! AD and LDAP integration process with WLC9800 is clearly showed in the given document! But there is no information including Single Sign-on service. Can you share about this?

Rich R · ‎03-15-2023

The WLC just uses the configured authentication service to authenticate the user.

Single sign-on is a generic umbrella term for using a single central source of identity/authentication (eg AD) for multiple different services consumed by users so that's entirely up to you - nothing to do with the WLC.

Using LDAP to authenticate WiFi users to AD is an example of implementing a single sign-on solution because you're using a single userid to authenticate Windows and WiFi users.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

Mahadi Hasan · ‎03-15-2023

Thanks for the response! So I'm trying to enable AD authentication for wlc and will share the further update!

Single sign-on (SSO), Active Directory (AD), Cisco Wireless Controller