[cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN

Wed Jun 10 16:33:57 EDT 2015

Thanks Chris, I checked all that out and it looks alright.

In testing this afternoon, we've gotten the UCXN SSO to work on a couple
occasions but it doesn't stay.  The Jabber client ends up not logging into
voicemail and in the Jabber client File>Options>Accounts, it wants the user
to enter their credentials.    Jabber shouldn't be allowing users to enter
their credentials in the client with SSO enabled.

I turned up samltrace to debug on UCXN and pulled the logs.  Jabber doesn't
even seem to be hitting the UCXN server when it fails, it's like Jabber
doesn't realize UCXN is SSO enabled.    I'm opening a case with Webex
Messenger support to start, then will see where that goes.

Justin

On Wed, Jun 10, 2015 at 1:39 PM, Chris Clouse <Chris.Clouse at cdw.com> wrote:

>  ·         Verify the following Unity Connection Services are started.
>
>     - Connection Jetty
>       - Connection REST Service
>
> ·         Verify the class of service has Allow Users to Use the Web
> Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client
> and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail
> enabled
>
>
>
> ·         Verify the Unity Connection API Settings are enabled (System
> Settings->Advanced->API Settings)
>
>     - Allow Access to Secure Message Recordings through CUMI
>       - Display Message Header Information of Secure Messages through
>       CUMI
>       - Allow Message Attachments through CUMI
>
> Also make sure that you don’t have
>  <VoicemailService_UseCredentialsFrom>phone</VoicemailService_UseCredentialsFrom>
> in your jabber-config.xml file as it will need to have a separate login for
> the voicemail server versus CallManager.
>
>
>
> *~Chris*
>
>
>
> *From:* Justin Steinberg [mailto:jsteinberg at gmail.com]
> *Sent:* Wednesday, June 10, 2015 12:30 PM
> *To:* Chris Clouse
> *Cc:* Cisco VOIP
> *Subject:* RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>
>
>
> Yes I've done that.  The Unity Connection Web Inbox and UCM Self Care
> Portal page both have functioning SSO.   It's just Jabber that won't
> utilize SSO when using CUC.
>
> Justin
>
> On Jun 10, 2015 1:16 PM, "Chris Clouse" <Chris.Clouse at cdw.com> wrote:
>
>  In order for the phone services and voicemail to be connected via SSO,
> CUCM and UCXN will also need to be enabled for SAML SSO on their own as
> well as having the WebEx Messenger SSO.  I would recommend that you be on
> 10.5+ even though it states supported with 10.0.
>
>
>
>
> http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html
>
>
>
> *~Chris*
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Justin Steinberg
> *Sent:* Wednesday, June 10, 2015 12:09 PM
> *To:* Cisco VOIP
> *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>
>
>
> Has anyone setup SSO in the hybrid Jabber deployment model?
>
> Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN.   We
> have enabled SSO for all three systems.  We can use SSO to login to jabber
> and the UCM and UCXN end user self service web interfaces.    All that
> seems OK and SSO is working.
>
> The problem is that once jabbers logs in to WebEx Messenger, it requires
> the user to go into file>options and manually enter their voicemail
> credentials.
>
> I expect that it should just SSO into WebEx messenger, UCM phone services
> and UCXN voicemail services.
>
> Any thoughts?
>
> Justin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150610/b13f2b62/attachment.html>