Cisco ISE external authentication with Shibboleth IdP?

Yavor Yanakiev yavor at
Mon Jul 2 22:58:48 EDT 2018

We recently did this for our Shanghai campus. In steps 11 and 12  in the
guide, you gave link to, use urn:oid attribute names or friendly names. We
provide uid, mail and displayName to ISE and for the group membership(step
11), the initial setup used eduPersonPrimaryAffiliation but we switch to
isMemberOf(urn:oid: As usual, be sure assertion
encryption is set in a same way on Cisco ISE and the IdP.
Nothing unusual in the SAML setup.

This video, though it is for PingFederate, could help you.

On Mon, Jul 2, 2018 at 6:07 PM IAM David Bantz <dabantz at> wrote:

> Cisco ISE has instructions for configuring Ping SAML identity provider, so
> I'm hopeful that someone has configured Shibboleth IdP and could assure us
> is that's possible.
> David Bantz
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at

Yavor Yanakiev
Systems Developer for Identity Services
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list