Cisco Content Security Management Appliance M1070 User Guide

AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
 
Chapter 14      Common Administrative Tasks
  SSO Using SAML 2.0
Enter the service provider's (appliance's) Entity ID under Relying Party Trusts > Properties > Identifiers > Relying Party Identifier. Make sure that this value is the same as the Entity ID value in the Service Provider settings on your appliance.
If you have configured your service provider (appliance) to send signed SAML authentication requests, upload the service provider's certificate (used to sign authentication requests) in .cer format under Relying Party Trusts > Properties > Signature.
If you plan to configure AD FS to send encrypted SAML assertions, upload the service provider's (appliance's) certificate in .cer format under Relying Party Trusts > Properties > Encryption.
Set the Secure hash algorithm to SHA-1 under Relying Party Trusts > Properties > Advanced.
Edit the Claim Rule and add an Issuance Transform Rule to send the LDAP attribute for email address as an outgoing claim type (email address).
Add a custom rule to include SPNameQualifier in the response. The following is a sample custom rule:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "https://<appliance-hostname>:83");
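As an added check (not from the Cisco guide), the following Python parses a constructed SAML Response of the shape an IdP returns once a claim rule like the one above is in place, and reports whether the Audience matches the SP Entity ID and whether the NameID carries the emailAddress format and the expected SPNameQualifier. The hostnames and the function name check_assertion are assumptions for the example.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 assertions and the NameID format the appliance expects.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample (hypothetical hostnames): a minimal SAML 2.0 Response of the shape an
# IdP returns after a claim rule like the one above has run. Signature omitted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
          SPNameQualifier="https://sma.example.test:83">alice@example.test</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sma.example.test:83</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_assertion(response_xml, sp_entity_id, spname_qualifier):
    """Return the mismatches between the assertion and the SP settings; empty list means OK."""
    problems = []
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element in Response"]
    # Audience must name the SP Entity ID configured on the appliance.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append("Audience %r does not include SP Entity ID %r" % (audiences, sp_entity_id))
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        return problems + ["no NameID in Subject"]
    # NameID must carry the emailAddress format and the SPNameQualifier the claim rule sets.
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is %r, expected %r" % (name_id.get("Format"), EMAIL_FORMAT))
    if name_id.get("SPNameQualifier") != spname_qualifier:
        problems.append("SPNameQualifier is %r, expected %r"
                        % (name_id.get("SPNameQualifier"), spname_qualifier))
    if not name_id.text or "@" not in name_id.text:
        problems.append("NameID value %r is not an email address" % name_id.text)
    return problems
```

Run it against a Response captured from your own IdP (with the appliance's real Entity ID and SPNameQualifier) to confirm the claim rule fired before testing the login on the appliance.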
Configure PingFederate 7.2 to Communicate with Cisco Content Security Management Appliance
The following are the high level tasks you need to perform to configure PingFederate 7.2 to communicate 
with your appliance. For complete and detailed instructions, see Ping Identity documentation.
Add your service provider’s (appliance’s) Assertion Consumer URL as an endpoint under protocol 
settings.
Enter the service provider's (appliance's) Entity ID under SP Connection > General Info > Partner's Entity ID (Connection ID). Make sure that this value is the same as the Entity ID value in the Service Provider settings on your appliance.
If you have configured your service provider (appliance) to send signed SAML authentication 
requests, upload the service provider’s certificate under Signature Verification section (SP 
Connection > Credentials > Signature Verification > Signature Verification Certificate).
If you plan to configure PingFederate to send encrypted SAML assertions, upload the service 
provider’s (appliance’s) certificate under Signature Verification section (SP Connection > 
Credentials > Signature Verification > Select XML Encryption Certificate).
Edit the Attribute Contract to send the LDAP attribute for email address (Attribute Sources & User Lookup > Attribute Contract Fulfillment).
Configure Identity Provider Settings on Cisco Content Security Management Appliance
Before You Begin
Make sure that you have:
Configured the identity provider to communicate with your appliance. See 
Copied the identity provider metadata details or the exported metadata file.