Chapter 6 Authentication and Federated Identity

Concepts

Synchronize Users | LDAP or (NEW IN CISCO DMS 5.2.3) SSO | Your choices on the Synchronize Users property sheet help you to submit a new agreement.

Manage Attributes | LDAP or (NEW IN CISCO DMS 5.2.3) SSO

1. In most production environments, you can expect to use the Select Mode property sheet only one time.

Federated Identity and Single Sign-on (SSO) Concepts

IdP Requirements

Configuration Workflow to Activate Federation (SSO) Mode

Authentication Scenarios for User Sessions in Federation (SSO) Mode

IdP Requirements

NEW IN CISCO DMS 5.2.3

To use federation (SSO) mode in Cisco DMS, you must have access to an IdP that meets our requirements. Your IdP must:

• Support SAML 2.0.
• Support these two SAML profiles:
  • Web Browser SSO Profile
  • Enhanced Client or Proxy (ECP) Profile
• Generate assertions in which the SAML “UID” attribute is mapped to the local portion of an authenticated user’s username.
• Use a digital certificate from a well-known CA (but only if you will use HTTPS).
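The following added example (not part of the Cisco guide) prechecks exported IdP metadata against the requirements above before it is imported into the DMM server. The binding URIs come from the SAML 2.0 specification; the function name, the sample metadata, the host idp.example.test, and the assumption that the IdP advertises each profile through its SingleSignOnService bindings are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Assumption: the IdP advertises each profile through these SingleSignOnService bindings.
BROWSER_SSO = {B + "HTTP-Redirect", B + "HTTP-POST", B + "HTTP-Artifact"}
ECP = {B + "SOAP"}

def check_idp_metadata(xml_text):
    """Return a list of problems; an empty list means the precheck passed."""
    # Parse only metadata you exported from your own IdP, not untrusted XML.
    idp = ET.fromstring(xml_text).find(f".//{MD}IDPSSODescriptor")
    if idp is None:
        return ["no IDPSSODescriptor element: this is not IdP metadata"]
    problems = []
    if SAML2_PROTOCOL not in idp.get("protocolSupportEnumeration", "").split():
        problems.append("SAML 2.0 protocol support is not advertised")
    endpoints = idp.findall(MD + "SingleSignOnService")
    bindings = {e.get("Binding") for e in endpoints}
    if not bindings & BROWSER_SSO:
        problems.append("no Web Browser SSO endpoint")
    if not bindings & ECP:
        problems.append("no ECP endpoint (SOAP binding)")
    for e in endpoints:
        location = e.get("Location", "")
        if urlparse(location).scheme != "https":
            problems.append(f"endpoint is not HTTPS: {location}")
    return problems

# Constructed sample metadata; idp.example.test is a placeholder host.
SAMPLE_OK = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/idp">
  <IDPSSODescriptor protocolSupportEnumeration="{SAML2_PROTOCOL}">
    <SingleSignOnService Binding="{B}HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
    <SingleSignOnService Binding="{B}SOAP"
        Location="https://idp.example.test/sso/ecp"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
# Same IdP with the ECP endpoint replaced by a clear-text HTTP-POST endpoint.
SAMPLE_BAD = (SAMPLE_OK.replace(B + "SOAP", B + "HTTP-POST")
              .replace("https://idp.example.test/sso/ecp",
                       "http://idp.example.test/sso/post"))

if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_idp_metadata(doc) or "precheck passed")
```

The “UID” attribute mapping is not visible in metadata; confirm it against an assertion that the IdP actually issues for a test user.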

Configuration Workflow to Activate Federation (SSO) Mode

NEW IN CISCO DMS 5.2.3

1. Configure and set up an Active Directory server.

2. Configure and set up a SAML 2.0-compliant IdP.

Note: When you use a “fresh install” of Cisco DMS 5.2.3 (as opposed to an upgrade), your DMM appliance is configured to use embedded authentication mode by default. But when you upgrade a DMM server that was already configured for an earlier Cisco DMS release, it might use either embedded mode or LDAP mode.

3. Obtain a digital certificate from a trusted CA and install it on your IdP.

4. Use DMS-Admin to configure Cisco DMS for federation mode.

5. Export SAML 2.0-compliant metadata from your DMM server and import it into your IdP.

6. Export SAML 2.0-compliant metadata from your IdP and import it into your DMM server.

7. Configure Active Directory exactly as you would in LDAP mode.

8. Click Update to save your work, and then advance to the Synchronize Users property sheet.

 

 

User Guide for Cisco Digital Media Manager 5.2.x

OL-15762-03