[cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN

Brian Meade bmeade90 at vt.edu
Thu Jun 11 11:07:26 EDT 2015 

Probably worth pulling a problem report right after sign in.  It should
show the process of checking if SSO is enabled for Unity Connection.

On Wed, Jun 10, 2015 at 4:33 PM, Justin Steinberg <jsteinberg at gmail.com>
wrote:

> Thanks Chris, I checked all that out and it looks alright.
>
> In testing this afternoon, we've gotten the UCXN SSO to work on a couple
> occasions but it doesn't stay.  The Jabber client ends up not logging into
> voicemail and in the Jabber client File>Options>Accounts, it wants the user
> to enter their credentials.    Jabber shouldn't be allowing users to enter
> their credentials in the client with SSO enabled.
>
> I turned up samltrace to debug on UCXN and pulled the logs.  Jabber
> doesn't even seem to be hitting the UCXN server when it fails, it's like
> Jabber doesn't realize UCXN is SSO enabled.    I'm opening a case with
> Webex Messenger support to start, then will see where that goes.
>
> Justin
>
> On Wed, Jun 10, 2015 at 1:39 PM, Chris Clouse <Chris.Clouse at cdw.com>
> wrote:
>
>>  ·         Verify the following Unity Connection Services are started.
>>
>>     - Connection Jetty
>>       - Connection REST Service
>>
>> ·         Verify the class of service has Allow Users to Use the Web
>> Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client
>> and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail
>> enabled
>>
>>
>>
>> ·         Verify the Unity Connection API Settings are enabled (System
>> Settings->Advanced->API Settings)
>>
>>     - Allow Access to Secure Message Recordings through CUMI
>>       - Display Message Header Information of Secure Messages through
>>       CUMI
>>       - Allow Message Attachments through CUMI
>>
>> Also make sure that you don’t have
>>  <VoicemailService_UseCredentialsFrom>phone</VoicemailService_UseCredentialsFrom>
>> in your jabber-config.xml file as it will need to have a separate login for
>> the voicemail server versus CallManager.
>>
>>
>>
>> *~Chris*
>>
>>
>>
>> *From:* Justin Steinberg [mailto:jsteinberg at gmail.com]
>> *Sent:* Wednesday, June 10, 2015 12:30 PM
>> *To:* Chris Clouse
>> *Cc:* Cisco VOIP
>> *Subject:* RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>>
>>
>>
>> Yes I've done that.  The Unity Connection Web Inbox and UCM Self Care
>> Portal page both have functioning SSO.   It's just Jabber that won't
>> utilize SSO when using CUC.
>>
>> Justin
>>
>> On Jun 10, 2015 1:16 PM, "Chris Clouse" <Chris.Clouse at cdw.com> wrote:
>>
>>  In order for the phone services and voicemail to be connected via SSO,
>> CUCM and UCXN will also need to be enabled for SAML SSO on their own as
>> well as having the WebEx Messenger SSO.  I would recommend that you be on
>> 10.5+ even though it states supported with 10.0.
>>
>>
>>
>>
>> http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html
>>
>>
>>
>> *~Chris*
>>
>>
>>
>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>> Behalf Of *Justin Steinberg
>> *Sent:* Wednesday, June 10, 2015 12:09 PM
>> *To:* Cisco VOIP
>> *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>>
>>
>>
>> Has anyone setup SSO in the hybrid Jabber deployment model?
>>
>> Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN.   We
>> have enabled SSO for all three systems.  We can use SSO to login to jabber
>> and the UCM and UCXN end user self service web interfaces.    All that
>> seems OK and SSO is working.
>>
>> The problem is that once jabbers logs in to WebEx Messenger, it requires
>> the user to go into file>options and manually enter their voicemail
>> credentials.
>>
>> I expect that it should just SSO into WebEx messenger, UCM phone services
>> and UCXN voicemail services.
>>
>> Any thoughts?
>>
>> Justin
>>
>>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150611/846d55c7/attachment.html>

More information about the cisco-voip mailing list