MC_273315
Aug 17, 2016
Solved

Cisco Call Manager - SSO APM

Would anyone happen to have a sample Assertion being used for Cisco Call Manager? It's stated that F5 APM is supported though documentation is lacking. It also has a requirement for an Import of metadata instead of any manual configuration. So far this is what I've found -

It prefers ADFS - at least there is plenty of documentation.

NameIDFormat: transient
Attributes: requires "uid" in the form of SamAccountName

There is a Cisco article that has some needed modifications for F5 BIG-IP: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/11_0_1/CUCM_BK_R30921A8_00_CUCM_release-notes_1101.pdf

Step 1 Using an XML editor, open the exported F5 BIG-IP IDP metadata XML file.

Step 2 From the NameIDFormat tag, delete the following attributes: isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP".

Step 3 From the SingleSignOnService tag, delete Index and IsDefault attributes.

Step 4 From the SingleLogOutService tag, delete the IsDefault attribute.

Step 5 In the IDPSSODescriptor tag, change the order of the tags as follows:

1. KeyDescriptor
2. SingleLogoutService
3. NameIDFormat
4. SingleSignOnService
5. saml:Attribute

Through my testing - I'm still getting a generic 'import failed, please retry' error on IDP import within Cisco Call Manager.

I have a Cisco case open, so I'll update this Question either way when I get an answer.

Thank ya.
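The metadata edits quoted above (Steps 2 to 5) can be scripted instead of done by hand in an XML editor. The Python below is an added example, not part of the thread and not Cisco or F5 tooling; the sample metadata, the `example.test` URLs, the refusal to edit signed metadata, and the placement of tags that Step 5 does not list are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
for _prefix, _uri in (("md", MD), ("saml", SAML), ("ds", DS)):
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes on output

# Steps 2-4 as quoted in the post: attributes to delete, per tag.
# Matched case-insensitively because the steps mix "isDefault" and "IsDefault".
STRIP = {
    f"{{{MD}}}NameIDFormat": {"isdefault", "index", "binding"},
    f"{{{MD}}}SingleSignOnService": {"isdefault", "index"},
    f"{{{MD}}}SingleLogoutService": {"isdefault"},
}
# Step 5: child order inside IDPSSODescriptor.
ORDER = [f"{{{MD}}}KeyDescriptor", f"{{{MD}}}SingleLogoutService",
         f"{{{MD}}}NameIDFormat", f"{{{MD}}}SingleSignOnService",
         f"{{{SAML}}}Attribute"]

def fix_metadata(xml_text):
    root = ET.fromstring(xml_text)
    # Editing signed metadata invalidates its signature, so refuse instead.
    if root.find(f"{{{DS}}}Signature") is not None:
        raise ValueError("metadata is signed; editing would invalidate the signature")
    for el in root.iter():
        for name in list(el.attrib):
            if name.lower() in STRIP.get(el.tag, ()):
                del el.attrib[name]
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        # Stable sort; tags not named in Step 5 go last (assumption).
        idp[:] = sorted(idp, key=lambda c: ORDER.index(c.tag) if c.tag in ORDER else len(ORDER))
    return ET.tostring(root, encoding="unicode")

# Constructed sample, not a real BIG-IP export.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" entityID="https://idp.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService index="0" isDefault="true" Location="https://idp.example.test/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:KeyDescriptor use="signing"/>
    <saml:Attribute Name="uid"/>
    <md:SingleLogoutService isDefault="true" Location="https://idp.example.test/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(fix_metadata(SAMPLE))
```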

 

1 Reply

  • As promised, here is the solution -

    Cisco Call Manager relies on a successful upload of your IdP's metadata to actually enable SSO.

    1. Verify you have uploaded your signing certificate into CCM.
    2. Verify you have 'must be signed' set on your assertion.
    3. Verify you are sending an attribute named 'uid' with the value of SamAccountName.
    4. Here is a working XML example: