[cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN

Thu Jun 11 13:46:06 EDT 2015

i've looked through it and i'm not sure where it is going wrong.   It
doesn't help that the file is 15,000 or so lines long for a three minute
login :)

i've opened a case with Webex Messenger team and will probably do the same
with Jabber/CUC.

Justin

On Thu, Jun 11, 2015 at 11:07 AM, Brian Meade <bmeade90 at vt.edu> wrote:

> Probably worth pulling a problem report right after sign in.  It should
> show the process of checking if SSO is enabled for Unity Connection.
>
> On Wed, Jun 10, 2015 at 4:33 PM, Justin Steinberg <jsteinberg at gmail.com>
> wrote:
>
>> Thanks Chris, I checked all that out and it looks alright.
>>
>> In testing this afternoon, we've gotten the UCXN SSO to work on a couple
>> occasions but it doesn't stay.  The Jabber client ends up not logging into
>> voicemail and in the Jabber client File>Options>Accounts, it wants the user
>> to enter their credentials.    Jabber shouldn't be allowing users to enter
>> their credentials in the client with SSO enabled.
>>
>> I turned up samltrace to debug on UCXN and pulled the logs.  Jabber
>> doesn't even seem to be hitting the UCXN server when it fails, it's like
>> Jabber doesn't realize UCXN is SSO enabled.    I'm opening a case with
>> Webex Messenger support to start, then will see where that goes.
>>
>> Justin
>>
>> On Wed, Jun 10, 2015 at 1:39 PM, Chris Clouse <Chris.Clouse at cdw.com>
>> wrote:
>>
>>>  ·         Verify the following Unity Connection Services are started.
>>>
>>>     - Connection Jetty
>>>       - Connection REST Service
>>>
>>> ·         Verify the class of service has Allow Users to Use the Web
>>> Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client
>>> and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail
>>> enabled
>>>
>>>
>>>
>>> ·         Verify the Unity Connection API Settings are enabled (System
>>> Settings->Advanced->API Settings)
>>>
>>>     - Allow Access to Secure Message Recordings through CUMI
>>>       - Display Message Header Information of Secure Messages through
>>>       CUMI
>>>       - Allow Message Attachments through CUMI
>>>
>>> Also make sure that you don’t have
>>>  <VoicemailService_UseCredentialsFrom>phone</VoicemailService_UseCredentialsFrom>
>>> in your jabber-config.xml file as it will need to have a separate login for
>>> the voicemail server versus CallManager.
>>>
>>>
>>>
>>> *~Chris*
>>>
>>>
>>>
>>> *From:* Justin Steinberg [mailto:jsteinberg at gmail.com]
>>> *Sent:* Wednesday, June 10, 2015 12:30 PM
>>> *To:* Chris Clouse
>>> *Cc:* Cisco VOIP
>>> *Subject:* RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>>>
>>>
>>>
>>> Yes I've done that.  The Unity Connection Web Inbox and UCM Self Care
>>> Portal page both have functioning SSO.   It's just Jabber that won't
>>> utilize SSO when using CUC.
>>>
>>> Justin
>>>
>>> On Jun 10, 2015 1:16 PM, "Chris Clouse" <Chris.Clouse at cdw.com> wrote:
>>>
>>>  In order for the phone services and voicemail to be connected via SSO,
>>> CUCM and UCXN will also need to be enabled for SAML SSO on their own as
>>> well as having the WebEx Messenger SSO.  I would recommend that you be on
>>> 10.5+ even though it states supported with 10.0.
>>>
>>>
>>>
>>>
>>> http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html
>>>
>>>
>>>
>>> *~Chris*
>>>
>>>
>>>
>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>>> Behalf Of *Justin Steinberg
>>> *Sent:* Wednesday, June 10, 2015 12:09 PM
>>> *To:* Cisco VOIP
>>> *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>>>
>>>
>>>
>>> Has anyone setup SSO in the hybrid Jabber deployment model?
>>>
>>> Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN.   We
>>> have enabled SSO for all three systems.  We can use SSO to login to jabber
>>> and the UCM and UCXN end user self service web interfaces.    All that
>>> seems OK and SSO is working.
>>>
>>> The problem is that once jabbers logs in to WebEx Messenger, it requires
>>> the user to go into file>options and manually enter their voicemail
>>> credentials.
>>>
>>> I expect that it should just SSO into WebEx messenger, UCM phone
>>> services and UCXN voicemail services.
>>>
>>> Any thoughts?
>>>
>>> Justin
>>>
>>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150611/6002c2a7/attachment.html>