On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity.This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.You must configure the external identity source that contains your user information in Cisco ISE.External identity sources also include certificate information for the Cisco ISE server and certificate authentication profiles.For more information: Adding or Editing a Certificate Authentication Profile Prerequisite: Every Cisco ISE administrator account is assigned one or more administrative roles.To perform the operations described in the following procedure, you must have one of the following roles assigned: Super Admin or System Admin. Step 2 From the External Identity Sources navigation pane on the left, click Certificate Authentication Profile.•EAP-GTC—Cisco ISE supports user and machine authentication against Active Directory using EAP-GTC.•Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)—Cisco ISE uses the certificate retrieval option to support user and machine authentication against Active Directory using EAP-TLS.
Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication.
Both internal and external identity sources can be used as the authentication source for sponsor authentication and also for authentication of remote guest users.
Table 5-1 lists the identity sources and the protocols that they support.
The Certificate Authentication Profile page appears. Step 3 Do one of the following: •To add a new certificate authentication profile, click Add.
•To edit an existing certificate authentication profile, choose the profile that you want to edit and click Edit.