Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Single Server Sign On and ACS

If I don't integrage 2.6 w/ ACS, will I still be able to take advantage of the Single Server Sign On feature?

P.S. We have 3 servers running RME today w/no integration of Campus to RME (and probably will never be).

Today we have to sign on to 1 of 3 RME servers or 1 of 6 Campus servers. What would be cool is a single server sign on be able to see all devices across the 3 RME servers and a single server sign on to see all devices across all 6 Campus servers.

5 REPLIES
Cisco Employee

Re: Single Server Sign On and ACS

SSO is independent of ACS integration. You can configure one without the other.

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/lms/lms25/lms25qsg.htm#wp66706

Cisco Employee

Re: Single Server Sign On and ACS

In addition to what Dave said, the two features really compliment each other. If you configure both SSO and ACS integration on all of your servers you do not need to worry about synchronizing users across all servers, since the one centralized SSO master will provide authentication, and the centralized ACS server will provide authorization.

With just SSO, you will need to configure the same user list on all servers to provide the authorization piece. If ACS is not doable, you should consider scripting some method of copying the cwpass files from the master server to all of the slaves.

New Member

Re: Single Server Sign On and ACS

Let me make sure I'm not confused here:

You're suggesting:

"We strongly caution against running ACS on CiscoWorks for resource and security reasons."

and SSO and ACS do not have to live together.

So it sounds like I leave ACS out of the picture, implement SSO. If Implementing SSO however, I will need to add the users to each server or find a way to copy them between servers.

Am I even close here?

Thnk very much for you guys' input as I know you guys know this stuff.

Cisco Employee

Re: Single Server Sign On and ACS

You are correct on all counts. SSO only takes care of centralizing authentication. Without ACS integration, authorization will be left up to the local user database (i.e. cwpass).

New Member

Re: Single Server Sign On and ACS

thnks for the input.

236
Views
30
Helpful
5
Replies
CreatePlease to create content