Support User Manuals

Cisco Systems 5.2.x Home Theater Server User Manual

Open as PDF

of 350

6-17

User Guide for Cisco Digital Media Manager 5.2.x

OL-15762-03

Chapter 6 Authentication and Federated Identity

Concepts

Federated Identity and Single Sign-on (SSO) Concepts

• IdP Requirements, page 6-17

• Configuration Workflow to Activate Federation (SSO) Mode, page 6-17

• Authentication Scenarios for User Sessions in Federation (SSO) Mode, page 6-18

IdP Requirements

NEW IN CISCO DMS 5.2.3—To use federation (SSO) mode in Cisco DMS, you must have access to an IdP

that meets our requirements. Your IdP must:

• Support SAML 2.0.

• Support these two SAML profiles:

–

Web Browser SSO Profile

–

Enhanced Client or Proxy (ECP) Profile

• Generate assertions in which the SAML “UID” attribute is mapped to the local portion of an

authenticated user’s username.

• Use a digital certificate from a well-known CA (but only if you will use HTTPS).

Configuration Workflow to Activate Federation (SSO) Mode

NEW IN CISCO DMS 5.2.3

1.

Configure and set up an Active Directory server.

2. Configure and set up a SAML 2.0-compliant IdP.

Note When you use a “fresh install” of Cisco DMS 5.2.3 (as opposed to an upgrade), your DMM appliance is configured

to use embedded authentication mode by default. But when you upgrade a DMM server that was already

configured for an earlier Cisco DMS release, it might use either embedded mode or LDAP mode.

3. Obtain a digital certificate from a trusted CA and install it on your IdP.

4. Use DMS-Admin to configure Cisco DMS for federation mode.

5. Export SAML 2.0-compliant metadata from your DMM server and import it into your IdP.

6. Export SAML 2.0-compliant metadata from your IdP and import it into your DMM server.

7. Configure Active Directory exactly as you would in LDAP mode.

8. Click Update to save your work, and then advance to the Synchronize Users property sheet.

Synchronize

Users

LDAP or (NEW IN CISCO DMS 5.2.3) SSO

Your choices on the Synchronize Users property sheet help you to submit a new agreement.

Manage

Attributes

LDAP or (NEW IN CISCO DMS 5.2.3) SSO

1. In most production environments, you can expect to use the Select Mode property sheet only one time.

previous next