8-41
User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Procedures
Step 3 Configure SAML profile settings and IdP assertions.
a. Click Configure Browser SSO on the Configuring SP Connection/Browser SSO page.
b. Check the SP Initiated SSO check box on the Browser SSO/SAML Profiles page, and then click Next TWO TIMES.
c. Click Configure Assertion Creation on the Browser SSO/Assertion Creation page.
d. Click Transient on the Assertion Creation/Identity Mapping page, check the Include attributes in addition to the transient identifier check box, and then click Next.
e. Set these attribute-value relationships in the Extend the Contract area on the Assertion Creation/Attribute Contract page.
   SAML_AUTHN_CTX    urn:oasis:names:tc:SAML:2.0:attrname-format:uri
   UID               urn:oasis:names:tc:SAML:2.0:attrname-format:uri
f. Click Next.
g. Click Map New Adapter Instance on the Assertion Creation/IdP Adapter Mapping page.
h. Choose your appropriate authentication type and adapter instance from the next two pages.
i. Click Next.
The username attribute that you need next is probably part of the adapter contract. Therefore:
j. Click Use only the Adapter Contract values in the SAML assertion on the IdP Adapter Mapping/Assertion Mapping page, and then click Next.
k. On the IdP Adapter Mapping/Attribute Contract Fulfillment page:
   - Set the source to Text for the SAML_AUTHN_CTX attribute contract. Then, set its value to
     urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
   - Set the source to Adapter for the UID attribute contract. Then:
     - Locate an adapter value, such as subject or userId, that maps to the username.
     - Set the UID attribute contract value to match the adapter value that you just found.
l. Click Next > Done > Next > Done > Next.
Step 4 Configure protocol settings.
a. Click Configure Protocol Settings on the Browser SSO/Protocol Settings page.
b. Make sure that the default binding value is set to POST on the Protocol Settings/Assertion Consumer Service URL page, delete all other bindings, and then click Next.
c. Clear the Artifact check box on the Protocol Settings/Allowable SAML Bindings page, and then click Next.
d. Check these check boxes on the Protocol Settings/Signature Policy page, and then click Next.
   - Require AuthN requests to be signed when received via the POST or Redirect bindings.
   - Always sign the SAML Assertion.
e. Click None on the Protocol Settings/Encryption Policy page.
f. Click Next > Done > Next > Done > Next.
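To confirm that the IdP emits what Steps 3 and 4 configure, the following Python check (an added example, not part of the Cisco guide) inspects a decoded SAML response for a cleartext assertion, a Signature element, a transient NameID, and the SAML_AUTHN_CTX and UID attributes. The name check_response and the sample response are constructed for illustration; the signature test is structural only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def check_response(xml_text):
    """Return a list of deviations from the settings in Steps 3 and 4."""
    root = ET.fromstring(xml_text)  # feed it captures from your own test IdP only
    problems = []
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted; Step 4e sets encryption to None")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no cleartext Assertion element"]
    # Structural check: ds:Signature is present. This is not cryptographic verification.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is unsigned; Step 4d requires signing")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != TRANSIENT:
        problems.append("NameID is not a transient identifier (Step 3d)")
    attrs = {a.get("Name"): a for a in assertion.iter("{%s}Attribute" % NS["saml"])}
    for name in ("SAML_AUTHN_CTX", "UID"):
        attr = attrs.get(name)
        if attr is None:
            problems.append("missing attribute " + name + " (Step 3e)")
            continue
        if attr.get("NameFormat") != URI_FORMAT:
            problems.append(name + " NameFormat is not attrname-format:uri")
        value = (attr.findtext("saml:AttributeValue", "", NS) or "").strip()
        if name == "SAML_AUTHN_CTX" and value != PPT:
            problems.append("SAML_AUTHN_CTX is not PasswordProtectedTransport (Step 3k)")
        if name == "UID" and not value:
            problems.append("UID is empty; it must carry the username (Step 3k)")
    return problems

# Constructed sample response (not captured from a real IdP); signature body elided.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 xmlns:ds="{NS['ds']}"><saml:Assertion><ds:Signature/>
<saml:Subject><saml:NameID Format="{TRANSIENT}">x1</saml:NameID></saml:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="SAML_AUTHN_CTX" NameFormat="{URI_FORMAT}"><saml:AttributeValue>{PPT}</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="UID" NameFormat="{URI_FORMAT}"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

print(check_response(SAMPLE) or "matches Steps 3 and 4")
```

An empty list means the response matches the configured profile; each string in a non-empty list names the step whose setting the response contradicts.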