Cisco ISE external authentication with Shibboleth IdP?
Yavor Yanakiev
yavor at nyu.edu
Mon Jul 2 22:58:48 EDT 2018
We recently did this for our Shanghai campus. In steps 11 and 12 in the
guide, you gave link to, use urn:oid attribute names or friendly names. We
provide uid, mail and displayName to ISE and for the group membership(step
11), the initial setup used eduPersonPrimaryAffiliation but we switch to
isMemberOf(urn:oid:1.3.6.1.4.1.5923.1.5.1.1). As usual, be sure assertion
encryption is set in a same way on Cisco ISE and the IdP.
Nothing unusual in the SAML setup.
This video, though it is for PingFederate, could help you.
https://www.youtube.com/watch?v=kt1RBg9My8E
On Mon, Jul 2, 2018 at 6:07 PM IAM David Bantz <dabantz at alaska.edu> wrote:
> Cisco ISE has instructions for configuring Ping SAML identity provider, so
> I'm hopeful that someone has configured Shibboleth IdP and could assure us
> is that's possible.
>
>
> https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-21/200551-Configure-ISE-2-1-Guest-Portal-with-Pin.html
>
> David Bantz
> UA OIT IAM
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
--
Yavor Yanakiev
Systems Developer for Identity Services
212-992-7585
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180702/a866cdf9/attachment.html>
More information about the users
mailing list