Cisco TelePresence Video Communication Server Expressway
Importing the SAML Metadata from the IdP
1. On the VCS Control, go to Configuration > Unified Communications > Identity providers (IdP).
You only need to do this on the master peer of the cluster.
2. Click Import new IdP from SAML.
3. Use the Import SAML file control to locate the SAML metadata file from the IdP.
4. Set the Digest to the required SHA hash algorithm.
The VCS uses this digest for signing SAML authentication requests for clients to present to the IdP. The
signing algorithm must match the one expected by the IdP for verifying SAML authentication request
signatures.
5. Click Upload.
The VCS Control can now authenticate the IdP's communications and encrypt SAML communications to
the IdP.
Note: You can change the signing algorithm after you have imported the metadata, by going to
Configuration > Unified Communications > Identity Providers (IdP), locating your IdP row then, in
the Actions column, clicking Configure Digest.
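A pre-import check for steps 3 and 4, as an added example that is not part of Cisco's guide: this Python script reads IdP metadata and reports the entity ID, whether the IdP wants signed authentication requests, the key uses it publishes, and any digest or signing algorithms it advertises. The sample metadata, the idp.example.com entity ID and the function names are constructed for illustration; the algorithm-support extension is optional, so empty lists mean the expected algorithm must be confirmed in the IdP's own configuration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "alg": "urn:oasis:names:tc:SAML:metadata:algsupport"}

# Constructed sample: hypothetical IdP, certificate bodies replaced by placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
    entityID="https://idp.example.com/saml">
  <md:Extensions>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  </md:Extensions>
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _short(elements):
    # Keep only the fragment of each algorithm URI, e.g. "sha256" or "rsa-sha256".
    return [e.get("Algorithm", "").rsplit("#", 1)[-1] for e in elements]


def summarize_idp_metadata(xml_text):
    # SAML metadata never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata contains a DTD; refusing to parse")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a single-entity IdP metadata document")
    return {
        "entity_id": root.get("entityID"),
        "wants_signed_requests": idp.get("WantAuthnRequestsSigned", "false") in ("true", "1"),
        # A KeyDescriptor without a 'use' attribute covers signing and encryption.
        "key_uses": sorted({k.get("use", "both") for k in idp.findall("md:KeyDescriptor", NS)}),
        # Optional extension: empty lists mean the IdP does not advertise algorithms here.
        "digests": _short(root.iterfind(".//alg:DigestMethod", NS)),
        "signing_methods": _short(root.iterfind(".//alg:SigningMethod", NS)),
    }


if __name__ == "__main__":
    print(summarize_idp_metadata(SAMPLE))
```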
Associating Domains with an IdP
You need to associate a domain with an IdP if you want the MRA users of that domain to authenticate via the
IdP. The IdP adds no value until you associate at least one domain with it.
There is a many-to-one relationship between domains and IdPs. A single IdP can be used for multiple
domains, but you may associate just one IdP with each domain.
On the VCS Control:
1. Open the IdP list (Configuration > Unified Communications > Identity providers (IdP)) and verify
that your IdP is in the list.
The IdPs are listed by their entity IDs. The associated domains for each are shown next to the ID.
2. Click Associate domains in the row for your IdP.
This shows a list of all the domains on this VCS Control. There are checkmarks next to domains that are
already associated with this IdP. It also shows the IdP entity IDs if there are different IdPs associated
with other domains in the list.
3. Check the boxes next to the domains you want to associate with this IdP.
If you see (Transfer) next to the checkbox, checking it will break the domain's existing association and
associate it with this IdP.
4. Click Save.
The selected domains are associated with this IdP.
Exporting the SAML Metadata from the VCS Control
Note: The VCS Control must have a valid connection to the VCS Expressway before you can export the
VCS Control's SAML metadata.
Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide (X8.6)
Single Sign-On (SSO) over the Collaboration Edge