Presentation is loading. Please wait.

Presentation is loading. Please wait.

Prime Service Catalog 12.0 SAML 2.0 Single Sign-On Support

Published byChad Wiggins Modified over 6 years ago

Similar presentations

Presentation on theme: "Prime Service Catalog 12.0 SAML 2.0 Single Sign-On Support"— Presentation transcript:

1 Prime Service Catalog 12.0 SAML 2.0 Single Sign-On Support
Did you know that starting with the release of Prime Service Catalog 12.0 you can now enable single sign-on using SAML 2.0 between Prime Service Catalog and other applications such as Cisco Cloud Center and Cisco UCS Director?

2 SAML 2.0 Support Prime Service Catalog 12.0 supports SAML 2.0
Other applications integrating with Prime Service Catalog can use SAML as a means to provide Authentication and import user profile information from IDP.

3 What is SAML? SAML - Security Assertion Markup Language
Enables Single Sign-On (SSO) One set of credentials for users to enter So, what is SAML? The Security Assertion Markup Language (SAML) is an XML based open standard data format for exchanging authentication and authorization across domains and products. SAML enables Single Sign-On between multiple applications or services. For our purposes, we are talking about Web Single Sign-On with Prime Service Catalog. An application with SAML enabled allows a user to sign in and be authenticated once and subsequently access other integrated applications without having to sign in to each application.

4 SAML Terms Client - The end-user’s browser-based client that is attempting to log in to a service provider. Service provider –An application or service that the client is trying to access. For example, Cisco Prime Service Catalog. Identity Provider (IdP) - The entity that authenticates end user credentials, and issues SAML Assertions. Here are a few key terms to understand: Client (the end user’s client) - The browser-based client that is attempting to log in to a service provider. Service provider –An application or service that the client is trying to access. For our purposes here, Cisco Prime Service Catalog. Identity Provider (IdP) - The entity that authenticates end user credentials, and issues SAML Assertions.

5 SAML and Prime Service Catalog
You must enable SAML in PSC to use it Must disable LDAP Log in behavior – Handled outside of PSC Log out behavior Global (default) – Log out of all sites Local – Only of log out of one site User Management – Handled outside of PSC As a prerequisite to integrate with CloudCenter, UCS Director, or other service providers using SAML, you must enable and configure SAML SSO in Prime Service Catalog If you enable SAML, LDAP SSO log in must be manually disabled. Implementing single sign-on via SAML means that the sign in process and user authentication are handled entirely outside of Prime Service Catalog. With SAML implemented, Prime Service Catalog does not authenticate the user, but uses SAML as means of securely authenticating against an IdP, You can configure what happens when a user logs in or out of Prime Service Catalog Sign in process and user authentication are handled entirely outside of Prime Service Catalog. You can specify whether when a user logs out of an application if they automatically log out of all applications within the same browser session or just the specific application they logged out of. By default global logout is enabled. Global logout means when the user logs out of one instance of Prime Service Catalog the user is also logged out of other instance on the same browser. With global logout disabled, when the user logs out of Prime Service Catalog or other applications integrated with Prime Service Catalog, SAML logs the user out only from that particular application. This is called local logout. User management is handled outside PSC, but changes made outside of your Prime Service Catalog are immediately synced back to Prime Service Catalog.

6 SAML Sequence of Events
SERVICE PROVIDERS Cloud Center Prime Service Catalog UCS Director END USERS IDENTITY PROVIDER 1. Request target resource 2. (Discover the IdP) 3. Redirect to SSO service 7. Request Assertion Consumer Service 8. Redirect to target resource 9. Request target resource 10. Respond with request resource 4. Request SSO Service 5. (Identify the user) 6. Respond with XHTML form Here is an example sequence of events when end users sign in to integrated Cisco One Cloud Suite components. With SAML implemented, when a user authenticates to Prime Service Catalog (PSC), any other application integrating with Prime Service Catalog (such as Cisco Cloud Center or UCS Director) (or vice-versa) can use this as a means to provide authentication and import user profile information from the IdP.

7 Benefits Platform neutrality – Moves security framework away from platform architectures and particular vendor implementations Loose coupling of directories – User information in one place Improved online experience for end users – Sign-in once Reduced administrative costs - Standardizes the log in interfaces between systems for faster, less expensive, and more reliable integration and user management Platform neutrality - SAML abstracts the security framework away from platform architectures and particular vendor implementations. Loose coupling of directories - SAML does not require user information to be maintained and synchronized between directories. Improved online experience for end users – Single Sign-On saves time by providing the ability to use a variety of Internet and Intranet resources without having to log in repeatedly. Reduced administrative costs for service providers - Standardizes the log in interfaces between systems for faster, less expensive, and more reliable integration and user management.

8 Next Steps Cisco Prime Service Catalog 12.0 Administration and Operation Guide Cisco Prime Service Catalog 12.0 Integration Guide For more information on enabling and configuring SAML 2.0 SSO in Prime Service Catalog, refer to the Cisco Prime Service Catalog 12.0 Administration and Operation Guide and Cisco Prime Service Catalog 12.0 Integration Guide

9 Go to www.cisco.com and keyword search Prime Service Catalog
For more information Go to and keyword search Prime Service Catalog Both guides and more information about Cisco Prime Service Catalog 12.0 are available at keyword search Prime Service Catalog

10

Download ppt "Prime Service Catalog 12.0 SAML 2.0 Single Sign-On Support"

Similar presentations

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.

Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.
1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.

1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.

Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.
95-804 Applied Cryptography Week 13 SAML 1 95-804 Applied Cryptography SAML and XACML Mike McCarthy Week 13.

Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Unity Connection 7.0 Directory Integration TOI Manoj Agrawal

© 2008 Cisco Systems, Inc. All rights reserved. Cisco Unity Connection 7.0 Directory Integration TOI Manoj Agrawal
Managing Client Access

Managing Client Access
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright 2006 Archistry Limited. All Rights Reserved. SOA Federated Identity Management How much do you really need? Andrew S. Townley Founder and Managing.

Copyright 2006 Archistry Limited. All Rights Reserved. SOA Federated Identity Management How much do you really need? Andrew S. Townley Founder and Managing.
Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us.

Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.

Similar presentations

Ads by Google