User's Manual
User Guide for Cisco Digital Media Manager 5.2.x
OL-15762-03
Chapter 6 Authentication and Federated Identity
Concepts
O
OpenAM
NEW IN CISCO DMS 5.2.3—SAML 2.0-compliant identity and access management server platform written
in Java. OpenAM is open source software available under the Common Development and Distribution
License (CDDL). OpenAM is derived from and replaces OpenSSO Enterprise, which also used CDDL
licensing. See http://www.forgerock.com/openam.html.
OU
organizational unit. An LDIF classification type for a logical container within a hierarchical system.
In LDIF grammar, the main function of an OU value is to distinguish among superficially identical CNs
that might otherwise be conflated. For example:
• CN=John Doe,OU=sales,DN=example,DN=com
• CN=John Doe,OU=marketing,DN=example,DN=com
Note: An LDAP expression must never include a space immediately to either side of a “=” sign. Similarly, it must
never include a space immediately to either side of an “objectClass” attribute. Otherwise, validation fails.
R
RDN
relative distinguished name. The CN for a directory service entity, as used exclusively (and still without
any explicit context) by the one IdP that has synchronized this entity against an Active Directory user
base. When an IdP encounters any RDN attribute in an LDIF reference, the IdP expects implicitly that
its SAML 2.0-synchronized federation is the only possible context for the CN. It expects this because
an IdP cannot authenticate—and logically should never encounter—a directory service entity whose
RDN is meaningful to any other federation.
S
SAML
NEW IN CISCO DMS 5.2.3—Security Assertion Markup Language. XML-based open standard that security
domains use to exchange authentication and authorization data, including assertions and security
tokens.
We support SAML 2.0.
Shibboleth
NEW IN CISCO DMS 5.2.3—A SAML 2.0-compliant architecture for federated identity-based
authentication and authorization.
SP
NEW IN CISCO DMS 5.2.3—service provider. Server that requests and receives information from an IdP.
For example, SPs in Cisco DMS include your DMM server and your Show and Share server.
SSO
NEW IN CISCO DMS 5.2.3—single sign on. (And sometimes “single sign off.”) The main user-facing
benefit of federation mode is that SPs begin—and end, in some implementations—user sessions on
behalf of their entire federation. SSO is a convenience for users, who can log in only once per day as
their work takes them between multiple servers that are related but independent. Furthermore, SSO is
a convenience to IT staff, who spend less time on user support, password fatigue, compliance audits,
and so on.
• We DO NOT support single sign off in Cisco DMS 5.2.3.
• We support only SP-initiated SSO in Cisco DMS 5.2.3.