Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1741
Views
10
Helpful
6
Replies

Webex SSO iDP initiated login

clarkst12
Level 5
Level 5

‎06-18-2020 09:57 AM

Our Webex is fully integrated in with the Control Hub.  Our SAML provider has enabled both iDP and SP initiated logons and SSO Authentication is configured in Control Hub, however it appears that iDP initiated doesn't work.   Our Cisco rep told us six months ago that iDP works for legacy Webex (non-Control Hub), but not for Control Hub.

 

SP initiated does work fine.  Windows users with a valid Kerberos ticket can browser directly to our Service Now instance and SN knows who they are without prompting.  However, if they go to ourcompany.webex.com, they need to click on Login, provide their email, then it logs them in (which, as I understand, would be exactly how it would work with SP-initiated.

 

Has anyone gotten Control Hub authentication to work with iDP initiated SSO?

3 people had this problem
0 Helpful
6 Replies 6

support.in
Level 1
Level 1

‎12-22-2021 01:47 AM

Hi Team,

 

Webex didn't support IDP initiated login at SAML 2 Configuration.

 

 

Try to Configure SSO (Saml2 ) NetIQ Access manager 5.0.1

 

IDP Provider: NetIQ Access Manager

Service provider: Webex Cisco Meting 

 

 

Roger Kallberg
VIP
VIP
In response to support.in

‎12-22-2021 03:50 AM

@support.in Not sure what your question is, would you mind to please clarify?



Response Signature


pcookhayboo
Level 1
Level 1

‎06-18-2020 10:36 AM - edited ‎06-18-2020 10:40 AM

I'm in the same situation. I asked support and iDP initiated login not available/supported. 

 

If I had known all the limitations of control hub I would have stayed with Site Administration manged meetings Tenant. Identity, provisioning and API access are all more difficult now that we've switched.  

 

I created a request for it here if you want to vote  https://ciscocollabcustomer.ideas.aha.io/ideas/WXCUST-I-339

0 Helpful

clarkst12
Level 5
Level 5
In response to pcookhayboo

‎06-18-2020 11:11 AM

I honestly have a hard time believing that they don't support something as basic as this.

0 Helpful

pcookhayboo
Level 1
Level 1
In response to clarkst12

‎06-18-2020 01:53 PM

Annotation 2020-06-18 155210.png

 

From my ticket at the beginning of the year. 

0 Helpful

DerekD
Level 1
Level 1
In response to clarkst12

‎06-18-2020 12:32 PM

I only dabble in SAML issues at our site (someone else is our primary Shib guy), but whenever the topic of IdP Initiated SSO is discussed on the Shibboleth mailing list, it is my understanding that Scott Cantor (contributing author for the SAML spec) says that it was a bad idea and should be avoided.

 

Here is one post I found real quick - https://lists.oasis-open.org/archives/saml-dev/201605/msg00009.html

 

Also, see the "Overview" section of the a shibboleth wiki page at <https://wiki.shibboleth.net/confluence/display/IDP4/UnsolicitedSSOConfiguration>

 

P.S. Not posting the above to start a forum war, just wanted to pass along that a key person involved in the spec has an opinion on the subject. :)

0 Helpful
Customers Also Viewed These Support Documents