McDewey

page: 15
source: cucm/v15/saml-sso/saml-sso.md
chunk_id: cucm::v15::saml-sso::saml-sso::10

• An Identity Provider (IdP) server: This is the entity that authenticates user credentials and issues SAML Assertions.
• Lightweight Directory Access Protocol (LDAP) users: These users are integrated with an LDAP directory, for example Microsoft Active Directory or OpenLDAP. Non-LDAP users reside locally on the Unified Communications server.
• SAML Assertion: It consists of pieces of security information that are transferred from IdPs to the service provider for user authentication. An assertion is an XML document that contains trusted statements about a subject including, for example, a username and privileges. SAML assertions are usually digitally signed to ensure their authenticity.
• SAML Request: This is an authentication request that is generated by a Unified Communications application. To authenticate the LDAP user, the Unified Communications application delegates an authentication request to the IdP.
• Circle of Trust (CoT): It consists of the various service providers that share and authenticate against one IdP in common.
• Metadata: This is an XML file generated by an SSO-enabled Unified Communications application (for example, Unified Communications Manager, Cisco Unity Connection, and so on) as well as an IdP. The exchange of SAML metadata builds a trust relationship between the IdP and the service provider.
• Assertion Consumer Service (ACS) URL: This URL instructs the IdPs where to post assertions. The ACS URL tells the IdP to post the final SAML response to a particular URL.

Note: All in-scope services requiring authentication use SAML 2.0 as the SSO mechanism.

See the following figure for the identity framework of a SAML SSO solution.

Cisco Unified Communications Applications that Support SAML SSO

• Unified Communications Manager
• Unified Communications Manager IM and Presence Service

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs (SAML-Based SSO Solution)
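
The Metadata, ACS URL and SAML Assertion definitions above fit together as in the following added example, which is not code from the Cisco guide or any Cisco product: it reads the ACS URL and entityID from service provider metadata and checks that a SAML response is addressed to them and carries a signature element. All hostnames, URLs, the user name and the function names are constructed for illustration, and the check only tests that a signature is present; it does not verify it against the IdP certificate.

```python
import xml.etree.ElementTree as ET  # stdlib; use a hardened XML parser for untrusted input

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ACS = "https://sp.example.test/saml/acs"  # constructed placeholder, not a real endpoint

# Constructed SP metadata: entityID plus one HTTP-POST ACS endpoint.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="sp.example.test">
 <md:SPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
  <md:AssertionConsumerService index="0" Binding="{POST}" Location="{ACS}"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""

def sample_response(destination=ACS, recipient=ACS, audience="sp.example.test", signed=True):
    """Constructed, trimmed SAML Response; ds:Signature is an empty stand-in."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>' if signed else ""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  Version="2.0" Destination="{destination}"><saml:Assertion Version="2.0">{sig}
 <saml:Subject><saml:NameID>jdoe</saml:NameID><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="{recipient}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""

def acs_urls(metadata_xml):
    """HTTP-POST ACS Locations declared in the SP metadata."""
    acs = ET.fromstring(metadata_xml).iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    return {e.get("Location") for e in acs if e.get("Binding") == POST}

def check_response(response_xml, metadata_xml=SP_METADATA):
    """Structural checks only; an empty result does NOT mean the signature verified."""
    allowed, entity = acs_urls(metadata_xml), ET.fromstring(metadata_xml).get("entityID")
    resp, findings = ET.fromstring(response_xml), []
    if resp.get("Destination") not in allowed:
        findings.append("Destination is not a registered ACS URL")
    assertions = resp.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return findings + ["expected exactly one Assertion"]
    a = assertions[0]
    if a.find("ds:Signature", NS) is None:
        findings.append("Assertion has no ds:Signature")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") not in allowed:
        findings.append("Recipient is not a registered ACS URL")
    if entity not in [x.text for x in a.iterfind(".//saml:Audience", NS)]:
        findings.append("Audience does not name this SP")
    return findings
```
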