
SSO with ADFS, forms login with ADFS Proxy

Hello,
Followed the ADFS setup guide that was emailed to us and we were able to get SSO and Auto Account Create to work when we are internal on our network. We set up an ADFS proxy server in the DMZ so that, when using your computer from home or using a mobile device, it would hit the ADFS proxy and prompt for a username and password. When we click on Host log in, it does prompt for username and password, but when I type my username and password, I get a "User Authentication Failed": Reason: Invalid SAML Assertion (13).
 
Does anyone have this working in their environment? If you need anything from me to get this corrected, please let me know.
 
Thank you,
Rahul Patel

Hi Rahul,

The most likely reason for this is that the AuthnContextClassRef coming from the outside users is different than the one from inside users.
To work around this problem, WebEx will allow you to set multiple AuthnContextClassRefs on the WebEx site admin page, separated by a semicolon. It would look something like this:

urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:Password

If you do not know what the value is for external users, I would try the above suggestion first. If it still fails, then you will need to contact technical support and provide the assertion ADFS is generating for an outside user.

Thank you
-Kingsley Lewis

Hello Kingsley,

Thank you for your suggestion. I am not sure what to use for the outside users. But I was told that this setup is not supported and that I should post it here and someone will help. :-)

I did try your suggestion and I got prompted for a user and password, and got a SAML assertion error.

Is there anywhere there is documentation or suggestion on what to try for the AuthnContextClassRefs on the WebEx site admin page?

Thank you,
Rahul

Hello Kingsley,

I replaced urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:Password with urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport and that did the trick.
 
OK, when I save this, it's cutting off the end... So, you might have given me the right info... but I needed the ProtectedTransport at the end.
 
Thank you for your help for getting this to work.

Rahul
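
The check discussed in this thread, as an added example that is not part of the original posts and is not WebEx or ADFS code: it reads the AuthnContextClassRef out of a base64 SAMLResponse and compares it with the semicolon-separated site setting. The function names are hypothetical, the sample response is constructed, and exact string matching is an assumption about how the service provider compares values.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
WINDOWS = "urn:federation:authentication:windows"
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def authn_context_refs(saml_response_b64):
    """Return every AuthnContextClassRef in a base64 SAMLResponse (HTTP-POST binding).
    Diagnostic only: the signature is not verified here."""
    xml = base64.b64decode(saml_response_b64)
    # A SAML message has no reason to carry a DTD; refuse it before parsing.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml)
    refs = root.iterfind(".//saml:AuthnContextClassRef", SAML_NS)
    return [el.text.strip() for el in refs if el.text]

def check_against_site_setting(saml_response_b64, site_setting):
    """Return (found, missing): class refs in the assertion, and those that the
    semicolon-separated setting does not list (exact match is an assumption)."""
    allowed = {v.strip() for v in site_setting.split(";") if v.strip()}
    found = authn_context_refs(saml_response_b64)
    missing = [v for v in found if v not in allowed]
    return found, missing

def sample_response(class_ref):
    """Constructed minimal response standing in for what an IdP would post."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        '<saml:AuthnStatement><saml:AuthnContext>'
        f'<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>'
        '</saml:AuthnContext></saml:AuthnStatement>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    external = sample_response(PPT)  # forms login through the proxy
    for setting in (f"{WINDOWS};{PASSWORD}", f"{WINDOWS};{PPT}"):
        found, missing = check_against_site_setting(external, setting)
        print(setting, "->", "OK" if not missing else f"not listed: {missing}")
```

Run it against the SAMLResponse form field captured from a failing external login to see which value needs to be added to the site setting.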
