SAML SSO with Meraki

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SAML SSO with Meraki

Ronish Zadode

Has anyone successfully integrated Shibboleth as an Identity Provider for Cisco Meraki Dashboard.

I’m facing issue and receiving empty SAML response. I’m unable to figure out the issue.

Also if anyone could provide a detailed flow for IDP initiated SSO , it’ll be helpful.

 

Regards,

Ronish

 


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SAML SSO with Meraki

Peter Schober
* Ronish Zadode <[hidden email]> [2020-02-05 11:36]:
> Has anyone successfully integrated Shibboleth as an Identity Provider for Cisco Meraki Dashboard.
> I'm facing issue and receiving empty SAML response. I'm unable to figure out the issue.
> Also if anyone could provide a detailed flow for IDP initiated SSO , it'll be helpful.

If you're the IDP you should know why the SAML response you're sending
is empty? You have the configuration, the tooling (e.g. aacli) as well
as the log files.

"IDP-initated SSO" is just a weird name for "non-standard SSO request".
Whether the IDP recieved a standard SAML 2.0 authentication request or
a proprietary one, this changes nothing wrt what the IDP is sending.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SAML SSO with Meraki

Jeffrey Williams
We've successfully integrated with Meraki a year ago.  We had to build the metadata and non-standard attributes for it, but it wasn't much trouble.

You should be able to see what's happening if you turn up the logging to DEBUG and see what your IDP is doing when it's building the response.  You should be able to see if filter in the custom attributes into the response to be sent back.  If they're being sent by the IDP, but not picked up by Meraki, confirm you're using the attribute names from the docs that they're expecting.

Good luck

On Wed, Feb 5, 2020 at 8:36 AM Peter Schober <[hidden email]> wrote:
* Ronish Zadode <[hidden email]> [2020-02-05 11:36]:
> Has anyone successfully integrated Shibboleth as an Identity Provider for Cisco Meraki Dashboard.
> I'm facing issue and receiving empty SAML response. I'm unable to figure out the issue.
> Also if anyone could provide a detailed flow for IDP initiated SSO , it'll be helpful.

If you're the IDP you should know why the SAML response you're sending
is empty? You have the configuration, the tooling (e.g. aacli) as well
as the log files.

"IDP-initated SSO" is just a weird name for "non-standard SSO request".
Whether the IDP recieved a standard SAML 2.0 authentication request or
a proprietary one, this changes nothing wrt what the IDP is sending.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]


--
Jeffrey Williams 
Identity Engineer
Identity & Access Services
https://its.uncg.edu



--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]