McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 34

↗ View in doc context
page
34
source
cucm/v15/saml-sso/saml-sso.md
chunk_id
cucm::v15::saml-sso::saml-sso::31

Configure Multiserver SAN Certificates Each Cisco product has its own process for generating multiserver SAN certificates. For information about the Cisco products that support multiserver SAN certificates see the relevant guide. Related Topics Release Notes for Cisco Unified Communications Manager, Release 10.5(1) Cisco Unified Communications Operating System Administration Guide for Cisco Unity Connection Release 10.x Cisco Prime Collaboration Deploy Certificate Issuer for Microsoft Edge Interoperability An interoperability issue exists within SAML SSO deployments where the Microsoft Edge Browser is deployed. If the Edge Browser is deployed on an SSO-enabled machine, the Edge browser does not recognize the certificate issuer of the Unified Communications Manager certificate and does not provide access. Use this procedure to fix this issue via the Group Policy Object (GPO) and Active Directory whereby you can push the certificate issuer of the Unified Communications Manager certificate to the Trusted Root Certification of local machines that use the Edge browser. The "certificate issuer" depends on how your certificates are set up. For example, for third-party CA certificates, You may need to push the CA certificate only if the CA itself signs the Unified Communications Manager certificate. However, if an intermediate CA signs the Unified Communications Manager certificate, you may need to push the complete certificate chain, which will include the root certificate, intermediate certificate, and any leaf certificates. Note Before you begin Membership in the local Administrators group, or equivalent, of the local machine is the minimum required to complete this procedure Procedure Step 1 In Active Directory, Open Group Policy Management Console. Step 2 Find an existing GPO or create a new GPO to contain the certificate settings. The GPO must be associated with the domain, site, or organizational unit whose users you want affected by the policy. Step 3 Right-click the GPO, and select Edit. The Group Policy Management Editor opens, and displays the current contents of the policy object. Step 4 In the navigation pane, open Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers. Step 5 Click the Action menu, and click Import. Step 6 Follow the instructions in the Certificate Import Wizard to find and import the certificate. SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs 24 SAML SSO Configuration Configure Multiserver SAN Certificates