Cisco Content Security Management Appliance M1070 User Guide
AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
Chapter 14 Common Administrative Tasks
SSO Using SAML 2.0
Prerequisites
• Verify whether the identity provider used by your organization is supported by Cisco Content Security Management Appliance. The following are the supported identity providers:
  – Microsoft Active Directory Federation Services (AD FS) 2.0
  – Ping Identity PingFederate 7.2
  – Cisco Web Security Appliance 9.1
• Obtain the following certificates that are required to secure the communication between your appliance and the identity provider:
  – If you want your appliance to sign SAML authentication requests or if you want your identity provider to encrypt SAML assertions, obtain a self-signed certificate or a certificate from a trusted CA and the associated private key.
  – If you want the identity provider to sign SAML assertions, obtain the identity provider’s certificate. Your appliance will use this certificate to verify the signed SAML assertions.
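The following is an added example, not part of the Cisco guide: one way to create the self-signed certificate and private key named in the prerequisites with OpenSSL, and to confirm that the two belong together and are not about to expire before they are loaded anywhere. The file names, the subject name sma.example.test, the RSA 2048 key and the 365-day lifetime are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prepare and sanity-check a service provider certificate pair.
# All names and parameters below are illustrative assumptions.

# make_sp_cert KEY_OUT CERT_OUT COMMON_NAME
# Creates an unencrypted RSA 2048 key and a self-signed certificate (365 days).
make_sp_cert() {
    (
        umask 077   # the private key must never be group- or world-readable
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
            -keyout "$1" -out "$2" -days 365 -subj "/CN=$3" >/dev/null 2>&1
    )
}

# cert_matches_key CERT KEY
# Returns 0 only if the certificate's public key is the one derived from KEY.
# A mismatched pair produces signatures the identity provider cannot verify.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for_days CERT DAYS
# Returns 0 if CERT is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Demonstration on a constructed certificate in a throwaway directory.
demo_dir=$(mktemp -d)
if make_sp_cert "$demo_dir/sp.key" "$demo_dir/sp.crt" "sma.example.test" &&
   cert_matches_key "$demo_dir/sp.crt" "$demo_dir/sp.key" &&
   cert_valid_for_days "$demo_dir/sp.crt" 30
then
    echo "certificate and key match; valid for at least 30 more days"
else
    echo "certificate check failed" >&2
fi
rm -rf "$demo_dir"
```

The same two checks apply to a certificate issued by a trusted CA: run cert_matches_key and cert_valid_for_days against the issued certificate and the key that produced its signing request.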
Configure Cisco Content Security Management Appliance as a Service Provider
Before You Begin
Review the
.
Procedure
Step 1  Log in to the Cisco Content Security Management appliance web interface.
Step 2  Select Management Appliance > System Administration > SAML.
Step 3  Under the Service Provider section, click Add Service Provider.
Step 4  Enter the following details:
Field                     Description
Profile Name              Enter a name for the service provider profile.
Configuration Settings
  Entity ID               Enter a globally unique name for the service provider (in this case, your appliance). The format of the service provider Entity ID is typically a URI.
  Name ID Format          The format that the identity provider should use to specify the user in the SAML assertion. This field is not configurable. You will need this value while configuring the identity provider.