We have successfully configured SSO with WebEx and our ADFS 2.0 environment but it only works when we are in the office or connected to VPN. When I click "host login" outside of our network I get the following error: Error: Reason: Invalid SAML Assertion (13). Thoughts?
The following support knowledge base article will have more information on this issue. http://kb.webex.com/WBX54373.
The error indicates you may have the incorrect AuthnContextClassRef, which can be different if going through a proxy or if the account is external. To work around this problem, WebEx will allow you to set multiple AuthnContextClassRefs on the WebEx site admin page that are separated by a semicolon. It would look something like this
If you do not know what the value is for external users, I would try the above suggestion first.
You can also try the following AuthnContextClassRef values:
If it still fails then we will need to see the assertion for one of the outside connections that is failing with the error 13.
Perfect! That did the trick.
Previous Config: urn:federation:authentication:windows
New Config: urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
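An added example, not part of the original thread or any WebEx or ADFS tooling: a diagnostic that pulls the AuthnContextClassRef out of a captured SAML 2.0 assertion and compares it with the semicolon-separated site setting. The sample assertions are constructed, the function names are hypothetical, and exact string comparison on the service provider side is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The two site settings quoted in the thread.
OLD_SETTING = "urn:federation:authentication:windows"
NEW_SETTING = (OLD_SETTING +
               ";urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")


def make_assertion(class_ref):
    """Build a minimal, constructed assertion carrying one class ref."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"
    )


# Constructed samples: in-office login vs. login from outside the network.
INTERNAL = make_assertion("urn:federation:authentication:windows")
EXTERNAL = make_assertion(
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")


def parse_allowed(setting):
    """Split the semicolon-separated setting into a set of class refs."""
    return {v.strip() for v in setting.split(";") if v.strip()}


def authn_context_refs(assertion_xml):
    """Return every AuthnContextClassRef found in the assertion or response."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"
    return [(el.text or "").strip() for el in root.iterfind(path, SAML_NS)]


def check(assertion_xml, setting):
    """Report which class refs the configured setting would not accept.

    Diagnostic only: this does not verify the assertion's signature.
    """
    allowed = parse_allowed(setting)
    refs = authn_context_refs(assertion_xml)
    rejected = [r for r in refs if r not in allowed]
    # An assertion with no class ref at all is also reported as not ok.
    return {"refs": refs, "rejected": rejected, "ok": bool(refs) and not rejected}


if __name__ == "__main__":
    for name, xml in (("internal", INTERNAL), ("external", EXTERNAL)):
        for label, setting in (("old", OLD_SETTING), ("new", NEW_SETTING)):
            print(name, label, check(xml, setting))
```

Running `check` against an assertion captured from a failing outside login shows the exact value to append to the setting, so only the class refs the identity provider actually issues are accepted.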