Cisco SMA and SAML

ioannisv
Level 1

We are in the process of setting up SAML on an SMA virtual appliance with ADFS 4.0.

According to the below:

  • Add a custom rule to include SPNameQualifier in the response. The following is a sample custom rule:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType,
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] =
        "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] =
        "https://<appliance-hostname>:83");

 The above custom rule represents the entry for SPAM Quarantine login users.

What about UI users? Any ideas what custom rule has to be added?

Same for the below:

  • Edit the Claim Rule and add an Issuance Transform Rule to send the LDAP attribute for email address as an outgoing claim type (email address).

Any ideas what claim rule has to be added?

 

1 Reply

Mathew Huynh
Cisco Employee

Hey there,

 

While this is "CES" it should also apply to answer queries:
https://docs.ces.cisco.com/docs/saml-authentication

 

Thanks,

Mathew
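
A way to confirm that the custom rule quoted in the question took effect, as an added example that is not part of the thread or of Cisco's documentation: the Python check below parses a decoded SAML response and verifies that the assertion's NameID carries the emailAddress format and the SPNameQualifier the rule sets. The sample response, the hostname `sma.example.test` and the function name `check_name_id` are constructed for illustration; the check does not validate the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: a decoded SAML response trimmed to the Subject.
# The hostname and user are placeholders, not values from the thread.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
          SPNameQualifier="https://sma.example.test:83">user@example.test</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def check_name_id(response_xml, expected_sp_qualifier):
    """Return a list of problems with the assertion's NameID (empty means OK)."""
    # ElementTree is fine for a response captured from your own IdP during
    # testing; use a hardened parser such as defusedxml for untrusted input.
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["no NameID in assertion subject"]

    problems = []
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"unexpected Format: {name_id.get('Format')!r}")
    if name_id.get("SPNameQualifier") != expected_sp_qualifier:
        problems.append(
            f"unexpected SPNameQualifier: {name_id.get('SPNameQualifier')!r}")
    value = (name_id.text or "").strip()
    if "@" not in value:
        problems.append(f"NameID value is not an e-mail address: {value!r}")
    return problems


if __name__ == "__main__":
    for line in check_name_id(SAMPLE_RESPONSE, "https://sma.example.test:83") or ["NameID OK"]:
        print(line)
```
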