Chapter 6 Authentication and Federated Identity

Concepts

9. Synchronize DMM with your Active Directory server to populate the DMM user database.

Note: You MUST configure at least one LDAP bookmark.

10. Synchronize users exactly as you would in LDAP mode.

Note: Whenever you change any setting or value on your IdP or any of your SPs, you must reestablish their pairing to restore mutual trust among them.

11. Click Update to save your work.

Authentication Scenarios for User Sessions in Federation (SSO) Mode

SSO Scenario 1 — Trusted + Valid + Authorized

SSO Scenario 2 — Trusted + Valid + NOT Authorized

SSO Scenario 3 — Nothing Known

SSO Scenario 1—Trusted + Valid + Authorized

NEW IN CISCO DMS 5.2.3

1. A web browser requests access to a protected resource on an SP.

Your federation will not approve or deny this request until it knows more.

2. The SP asks its IdP if the browser is currently authenticated to any valid user account in the CoT.

3. The IdP verifies that:

   - The browser is already connected to an SP elsewhere in the CoT, having authenticated successfully to a valid user account and having received a SAML “token” or “passport” that authorizes at least some access.

   - The user account has sufficient permissions to access the protected resource.

4. The IdP acts on the SP’s behalf and redirects the browser immediately to the protected resource.
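
The IdP's decision in steps 2 through 4, modeled as an added Python example (not Cisco code and not part of the original guide). The class and field names, the session expiry, and the mapping of unknown or expired sessions to Scenario 3 are assumptions; the sample data is constructed, and the federation's response in Scenarios 2 and 3 is left out because this page does not describe it.

```python
from dataclasses import dataclass
from enum import Enum

class Scenario(Enum):
    AUTHORIZED = "SSO Scenario 1: Trusted + Valid + Authorized"
    NOT_AUTHORIZED = "SSO Scenario 2: Trusted + Valid + NOT Authorized"
    NOTHING_KNOWN = "SSO Scenario 3: Nothing Known"

@dataclass(frozen=True)
class Session:
    """Hypothetical IdP record of a browser that authenticated at an SP in the CoT."""
    user: str
    issuing_sp: str
    expires_at: int  # assumption: sessions carry an expiry (epoch seconds)

class IdP:
    def __init__(self, cot_members, sessions, permissions):
        self.cot_members = set(cot_members)   # SPs currently paired with this IdP
        self.sessions = dict(sessions)        # browser token -> Session
        self.permissions = dict(permissions)  # user -> set of protected resources

    def classify(self, token, resource, now):
        """Step 3: check the existing session first, then the account's permissions."""
        s = self.sessions.get(token)
        # Assumption: missing, expired, or non-CoT sessions all count as "Nothing Known".
        if s is None or s.issuing_sp not in self.cot_members or now >= s.expires_at:
            return Scenario.NOTHING_KNOWN
        if resource not in self.permissions.get(s.user, set()):
            return Scenario.NOT_AUTHORIZED
        return Scenario.AUTHORIZED

    def handle_sp_query(self, token, resource, now):
        """Steps 2-4: a redirect target is returned only in Scenario 1, else None."""
        scenario = self.classify(token, resource, now)
        redirect = resource if scenario is Scenario.AUTHORIZED else None
        return scenario, redirect

# Constructed sample data, not taken from any real deployment.
REPORTS = "https://sp-b.example/reports"
IDP = IdP(
    cot_members={"sp-a.example", "sp-b.example"},
    sessions={"tok-alice": Session("alice", "sp-a.example", 2000),
              "tok-bob": Session("bob", "sp-a.example", 2000),
              "tok-old": Session("alice", "sp-a.example", 500)},
    permissions={"alice": {REPORTS}},
)

if __name__ == "__main__":
    for tok in ("tok-alice", "tok-bob", "tok-old", None):
        print(tok, IDP.handle_sp_query(tok, REPORTS, now=1000))
```

Both checks in step 3 must pass before the redirect in step 4 is issued; every other path returns no redirect target.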

 

User Guide for Cisco Digital Media Manager 5.2.x

6-18

OL-15762-03
