8-60
UserGuide for Cisco Digital Media Manager5.4.x
OL-15762-05
Chapter8 Authentication and Federated Identity
Reference
Windows Active Directory Server 2003
•
Cisco DMS 5.3
Windows Active Directory Server 2008R2
•
Cisco DMS 5.3
Federation Mode (SSO) FAQsQ.
Are there any special APIs to use federation mode?
A.
No. We support one set of API calls that work identically across all supported authentication modes.
See http://developer.cisco.com.
Q.
Does DMM perform trust validation of certificates that it imports with IdP metadata?
A.
Yes.
Q.
Do you support any use of certificate revocation lists?
A.
No. Not in this release.
Q.
Can I use one browser to connect simultaneously to more than one DMM appliance?
A.
No. Each time that you connect to an additional instance, you are logged out of any prior instance
in that browser. However, you can use multiple browsers together for this purpose.
Q.
Why would user sessions time out for DMM users after a different interval than I set in DMM?
A.
This can happen when session timeout values differ between your DMM applia nce and your IdP.
Reconfigure these servers to share one identi cal session timeout value.
Error Message FAQsQ.
Why does an error message state that an Active Directory password is not valid?
Explanation
A “User must change password at next login” flag might be set on your Active Directory
server. While this flag is set, the affected user cannot log in to any CiscoDMS component.
DMS-Admin cannot change any password on your Active Directory server.
Recommended Action
Use features that your ActiveDirectory server provides for this purpose.
Q.
Why does an error message state that filter validation has failed?
Explanation
Filters fail when they point to empty containers. They also fail in response to filter
expressions that includes any spaces.
Recommended Action
Make sure on your ActiveDirectory server that your filter did not refer to an
empty organizational unit (OU) container.
Confirm also that your filter expression does not contain even
onespace.
Q.
Why would my API calls receive an HTTP401 Unauthorized error?
Recommended Action
When you use federation mode, enable ECP on your IdP server.