Cisco Cisco Expressway
There is a many-to-one relationship between domains and IdPs. A single IdP can be used for multiple
domains, but you may associate just one IdP with each domain.
domains, but you may associate just one IdP with each domain.
On the Expressway-C:
1. Open the IdP list (
Configuration > Unified Communications > Identity providers (IdP)
) and verify
that your IdP is in the list.
The IdPs are listed by their entity IDs. The associated domains for each are shown next to the ID.
The IdPs are listed by their entity IDs. The associated domains for each are shown next to the ID.
2. Click Associate domains in the row for your IdP.
This shows a list of all the domains on this Expressway-C. There are checkmarks next to domains that
are already associated with this IdP. It also shows the IdP entity IDs if there are different IdPs associated
with other domains in the list.
are already associated with this IdP. It also shows the IdP entity IDs if there are different IdPs associated
with other domains in the list.
3. Check the boxes next to the domains you want to associate with this IdP.
If you see (Transfer) next to the checkbox, checking it will break the domain's existing association and
associate it with this IdP.
associate it with this IdP.
4. Click Save.
The selected domains are associated with this IdP.
Exporting the SAML metadata from the Expressway-C
Note: The Expressway-C must have a valid connection to the Expressway-E before you can export the
Expressway-C's SAML metadata.
Expressway-C's SAML metadata.
1. Go to
Configuration > Unified Communications > Export SAML data
.
This page lists the connected Expressway-E, or all the Expressway-E peers if it's a cluster. These are
listed because data about them is included in the SAML metadata for the Expressway-C.
listed because data about them is included in the SAML metadata for the Expressway-C.
2. Click Download or Download all.
The page also lists all the Expressway-C peers, and you can download SAML metadata for each one, or
export them all in a .zip file.
export them all in a .zip file.
3. Copy the resulting file(s) to a secure location that you can access when you need to import
SAML metadata to the IdP.
Configuring IDPs
This topic covers any known additional configurations that are required when using a supported IDP for
SSO over collaboration edge.
SSO over collaboration edge.
These configuration procedures are required in addition to the prerequisites and high level tasks already
mentioned, some of which are outside of the document's scope.
mentioned, some of which are outside of the document's scope.
Active Directory Federation Services 2.0
After creating Relying Party Trusts for the Expressway-Es, you must set some properties of each entity, to
ensure that AD FS formulates the SAML responses as Expressway-E expects them.
ensure that AD FS formulates the SAML responses as Expressway-E expects them.
These procedures were verified on AD FS 2.0, although the same configuration is required if you are using
AD FS 3.0.
AD FS 3.0.
You need to:
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.5)
Page 32 of 50
Single Sign-On (SSO) over the Collaboration Edge