User guide

8-17
User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Concepts
Understand the Effects of a Blank Password in Active Directory
Note: Microsoft Active Directory is the only LDAP implementation that we support in this release.
Even though it is possible in Active Directory to use a blank value for a password, Cisco DMS does
not allow it.
When you choose LDAP authentication, any user whose Active Directory password is blank is
prevented from logging in to any component of Cisco DMS.
Access is enabled or restored after the password is populated on the Active Directory server.
Understand Authentication Property Sheets for LDAP
Note: Microsoft Active Directory is the only LDAP implementation that we support in this release.
The Authentication page contains four tabbed property sheets.
Federated Identity and Single Sign-on (SSO) Concepts
IdP Requirements, page 8-17
Configuration Workflow to Activate Federation (SSO) Mode, page 8-18
Authentication Scenarios for User Sessions in Federation (SSO) Mode, page 8-18
IdP Requirements
To use federation (SSO) mode in Cisco DMS, you must have access to an IdP that meets our
requirements. Your IdP must meet ALL OF THESE CRITERIA IN COMBINATION:
- Support SAML 2.0.
- Support these two SAML profiles:
  - Web Browser SSO Profile
  - Enhanced Client or Proxy (ECP) Profile
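The following check is an added example, not part of the Cisco guide. It reads an IdP's SAML 2.0 metadata and reports whether the IdP advertises the two criteria listed above. It assumes that the IdP publishes metadata and that ECP support appears as a SOAP-bound SingleSignOnService endpoint; the function names and the sample IdP at idp.example.test are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Front-channel bindings carry Web Browser SSO; the SOAP binding carries ECP.
BROWSER_SSO_BINDINGS = {BINDING + "HTTP-Redirect", BINDING + "HTTP-POST"}
ECP_BINDING = BINDING + "SOAP"

def check_idp_metadata(xml_text):
    """Map each criterion from the list above to True/False."""
    # ElementTree is adequate for this constructed sample; parse metadata
    # from an untrusted source with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    result = {"saml_2_0": False, "web_browser_sso": False, "ecp": False}
    # iter() also covers an EntitiesDescriptor wrapping several entities.
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        protocols = idp.get("protocolSupportEnumeration", "").split()
        if SAML2_PROTOCOL not in protocols:
            continue  # e.g. a SAML 1.1-only role descriptor
        result["saml_2_0"] = True
        sso = idp.findall(f"{{{MD}}}SingleSignOnService")
        bindings = {svc.get("Binding") for svc in sso}
        result["web_browser_sso"] |= bool(bindings & BROWSER_SSO_BINDINGS)
        result["ecp"] |= ECP_BINDING in bindings
    return result

def meets_requirements(xml_text):
    """True only when all criteria hold in combination."""
    return all(check_idp_metadata(xml_text).values())

# Constructed sample metadata (hypothetical IdP at idp.example.test).
SAMPLE_OK = f"""<md:EntityDescriptor xmlns:md="{MD}"
    entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2_PROTOCOL}">
    <md:SingleSignOnService Binding="{BINDING}HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService Binding="{BINDING}SOAP"
        Location="https://idp.example.test/sso/ecp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
# Same IdP without a SOAP endpoint: fails the ECP criterion.
SAMPLE_NO_ECP = SAMPLE_OK.replace(BINDING + "SOAP", BINDING + "HTTP-POST")

if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("no-ecp", SAMPLE_NO_ECP)):
        print(name, check_idp_metadata(doc), meets_requirements(doc))
```

A passing result shows only that the endpoints are advertised in metadata; it does not prove that the IdP implements either profile correctly.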
Tabbed property sheets on the Authentication page:

Select Mode [1] | Embedded, LDAP or SSO | Select Mode is by default the only active tab. Your choices on the Select Mode property sheet determine whether you have access to the other three property sheets.
Define Filter | LDAP or SSO | Your choices on the Define Filter property sheet help you to configure and add a new agreement.
Synchronize Users | LDAP or SSO | Your choices on the Synchronize Users property sheet help you to submit a new agreement.
Manage Attributes | LDAP or SSO |

[1] In most production environments, you can expect to use the Select Mode property sheet only one time.