Cisco ISE external authentication with Shibboleth IdP?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Cisco ISE external authentication with Shibboleth IdP?

IAM David Bantz
Cisco ISE has instructions for configuring Ping SAML identity provider, so I'm hopeful that someone has configured Shibboleth IdP and could assure us is that's possible.


David Bantz
UA OIT IAM

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Cisco ISE external authentication with Shibboleth IdP?

Cantor, Scott E.
On 7/2/18, 6:08 PM, "users on behalf of IAM David Bantz" <[hidden email] on behalf of [hidden email]> wrote:

> Cisco ISE has instructions for configuring Ping SAML identity provider, so I'm hopeful that someone has configured
> Shibboleth IdP and could assure us is that's possible.

There is nothing Ping can do that we can't where SAML is concerned. If it's not SAML, then that's a different matter, but otherwise that's a given.

-- Scott



--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Cisco ISE external authentication with Shibboleth IdP?

Yavor Yanakiev-2
In reply to this post by IAM David Bantz
We recently did this for our Shanghai campus. In steps 11 and 12  in the guide, you gave link to, use urn:oid attribute names or friendly names. We provide uid, mail and displayName to ISE and for the group membership(step 11), the initial setup used eduPersonPrimaryAffiliation but we switch to isMemberOf(urn:oid:1.3.6.1.4.1.5923.1.5.1.1). As usual, be sure assertion encryption is set in a same way on Cisco ISE and the IdP. 
Nothing unusual in the SAML setup.

This video, though it is for PingFederate, could help you. https://www.youtube.com/watch?v=kt1RBg9My8E



On Mon, Jul 2, 2018 at 6:07 PM IAM David Bantz <[hidden email]> wrote:
Cisco ISE has instructions for configuring Ping SAML identity provider, so I'm hopeful that someone has configured Shibboleth IdP and could assure us is that's possible.


David Bantz
UA OIT IAM
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]


--
Yavor Yanakiev 
Systems Developer for Identity Services

212-992-7585

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]