There is no Custom Rule for Expressway C. I have this working in multiple ADFS 3 instances. Just the LDAP rule mapping SAM-Account-Name to UID

Matthew G. Loraditch - CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518

From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of niml...@nimloth.pl
Sent: Tuesday, February 14, 2017 12:47 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Expressway MRA and SSO

Dear Group,

I'm trying to enable SSO for an Expressway MRA setup based on this documentation:
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-9.pdf

For the IdP we're using AD FS 3.0, and what I'm really interested in is the part on page 43 (Active Directory Federation Services 2.0) - unfortunately no success so far.

So here are my questions:
1) Does anyone have a working solution with AD FS?
2) Does it require the same Custom Rules as for CUCM?

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
    Value = c.Value, ValueType = c.ValueType,
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://<FQDN of ADFS>/com/adfs/services/trust",
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "<FQDN of CUCM>");

Screenshots from a working setup (AD FS rules) would be nice (can be private if they can't be sent to the group).

Hope someone has it working :)

Many thanks,
Lukasz
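
The single LDAP rule described in the reply at the top of this thread, written out in AD FS claim rule language and checked against a relying party trust from PowerShell. This is an added example, not something posted by either participant; the trust name is a placeholder, the rule name is made up for illustration, and the lowercase outgoing claim type "uid" is assumed to be what the reply means by UID.

```powershell
# Assumption: display name of the relying party trust created from the
# Expressway-C SAML metadata. Placeholder, replace with your own.
$TrustName = '<Expressway-C relying party trust name>'

# Rule text AD FS stores for a "Send LDAP Attributes as Claims" rule that
# maps SAM-Account-Name to an outgoing claim of type "uid".
# The @RuleName value is a hypothetical label.
$UidRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "sAMAccountName to uid"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("uid"), query = ";sAMAccountName;{0}", param = c.Value);
'@

function Test-UidRule {
    param([string]$Rules)
    # True when the rule set contains an LDAP query on sAMAccountName
    # and an issuance of claim type "uid".
    $issuesUid = $Rules -match 'types\s*=\s*\(\s*"uid"\s*\)'
    $queriesSam = $Rules -match 'query\s*=\s*";sAMAccountName;\{0\}"'
    return ($issuesUid -and $queriesSam)
}

$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) {
    throw "No relying party trust named '$TrustName' was found."
}

if (Test-UidRule -Rules $trust.IssuanceTransformRules) {
    Write-Output "uid rule is present on '$TrustName'."
} else {
    Write-Output "uid rule is missing on '$TrustName'; appending it."
    # Keep any rules already on the trust and add the uid rule after them.
    $newRules = ($trust.IssuanceTransformRules + "`n" + $UidRule).Trim()
    Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $newRules
}
```

Run it in an elevated session on the primary AD FS server, where the ADFS PowerShell module is available.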