
Single Server Sign On and ACS

getwithrob
Level 3

If I don't integrate 2.6 w/ ACS, will I still be able to take advantage of the Single Server Sign On feature?

P.S. We have 3 servers running RME today w/no integration of Campus to RME (and probably will never be).

Today we have to sign on to 1 of 3 RME servers or 1 of 6 Campus servers. What would be cool is for a single server sign on to be able to see all devices across the 3 RME servers and a single server sign on to see all devices across all 6 Campus servers.

5 Replies

David Stanford
Cisco Employee

SSO is independent of ACS integration. You can configure one without the other.

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/lms/lms25/lms25qsg.htm#wp66706

In addition to what Dave said, the two features really complement each other. If you configure both SSO and ACS integration on all of your servers you do not need to worry about synchronizing users across all servers, since the one centralized SSO master will provide authentication, and the centralized ACS server will provide authorization.

With just SSO, you will need to configure the same user list on all servers to provide the authorization piece. If ACS is not doable, you should consider scripting some method of copying the cwpass files from the master server to all of the slaves.

Let me make sure I'm not confused here:

You're suggesting:

"We strongly caution against running ACS on CiscoWorks for resource and security reasons."

and SSO and ACS do not have to live together.

So it sounds like I leave ACS out of the picture and implement SSO. If implementing SSO, however, I will need to add the users to each server or find a way to copy them between servers.

Am I even close here?

Thanks very much for you guys' input as I know you guys know this stuff.

You are correct on all counts. SSO only takes care of centralizing authentication. Without ACS integration, authorization will be left up to the local user database (i.e. cwpass).

Thanks for the input.
