Configure Cisco Content Security Management Appliance as a Service Provider

Before you begin

Review the Prerequisites.

Procedure


Step 1

[New Web Interface Only] On the Security Management appliance, click to load the legacy web interface.

Step 2

Choose Management Appliance > System Administration > SAML.

Step 3

Under the Service Provider section, click Add Service Provider.

Step 4

Enter the following details:

Field

Description

Profile Name

Enter a name for the service provider profile.

Configuration Settings

Entity ID

Enter a globally unique name for the service provider (in this case, your appliance). The format of the service provider Entity ID is typically a URI.

Name ID Format

The format that the identity provider should use to specify the user in the SAML assertion.

This field is not configurable. You will need this value while configuring the identity provider.

Assertion Consumer URL

The URL to which the identity provider should send the SAML assertion after authentication has successfully completed. In this case, this is the URL to your spam quarantine.

This field is not configurable. You will need this value while configuring the identity provider.

SP Certificate

Note

The private key must be in .pem format.

Signing Authentication Requests

If you want the appliance to sign the SAML authentication requests:

  1. Upload the certificate and the associated private key.

  2. Enter the passphrase for the private key.

  3. Select Sign Request.

Decrypt Encrypted Assertions

If you plan to configure your identity provider to encrypt SAML assertions:

  1. Upload the certificate and the associated private key.

  2. Enter the passphrase for the private key.

Sign Assertions

If you want the identity provider to sign the SAML assertions, select Sign Assertions.

If you select this option, you must add the identity provider’s certificate to the appliance. See Configure the Identity Provider to Communicate with Cisco Content Security Management Appliance.

Organization Details

Enter the details of your organization.

The identity provider uses this information in the error logs.

Technical Contact

Enter the email address of the technical contact.

The identity provider uses this information in the error logs.

Step 5

Click Submit.

Step 6

Note down the service provider metadata (Entity ID and Assertion Consumer URL) displayed on the SSO Settings page and the Name ID Format displayed on the Service Provider Settings page. You will need these details while configuring the service provider settings on the identity provider.

Optionally, you can export the metadata as a file. Click Export Metadata and save the metadata file. Some identity providers allow you to load service provider details from a metadata file.
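Before loading an exported metadata file into the identity provider, you can check it against the values noted in Step 6. The following is an added example, not Cisco code: it assumes the export is standard SAML 2.0 metadata and that the Sign Request and Sign Assertions options appear as the standard AuthnRequestsSigned and WantAssertionsSigned attributes. The sample file, host name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace
NS = {"md": MD}

# Constructed sample, not appliance output; host name and values are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sma.example.com/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sma.example.com/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _flag(element, name):
    """xsd:boolean attributes may be written as 'true' or '1'."""
    return element.get(name, "false").strip().lower() in ("true", "1")


def summarize_sp_metadata(xml_text):
    """Return (values to enter on the IdP, review findings) for SP metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % MD or sp is None:
        raise ValueError("not SAML 2.0 service provider metadata")
    info = {
        "entity_id": root.get("entityID"),
        "name_id_formats": [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text],
        "acs_urls": [e.get("Location", "") for e in sp.findall("md:AssertionConsumerService", NS)],
        "sign_request": _flag(sp, "AuthnRequestsSigned"),
        "sign_assertions": _flag(sp, "WantAssertionsSigned"),
    }
    findings = []
    if not info["entity_id"]:
        findings.append("Entity ID is missing")
    if not info["acs_urls"]:
        findings.append("no Assertion Consumer URL present")
    findings += ["Assertion Consumer URL is not HTTPS: " + u
                 for u in info["acs_urls"] if not u.lower().startswith("https://")]
    if not info["sign_assertions"]:
        findings.append("Sign Assertions is off: the IdP is not asked to sign assertions")
    return info, findings
```

Compare the returned Entity ID, Assertion Consumer URL and Name ID Format with what the appliance displays, and resolve any findings before configuring the identity provider.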


What to do next

Configure the identity provider to communicate with your appliance. See Configure the Identity Provider to Communicate with Cisco Content Security Management Appliance.