[cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN

Justin Steinberg jsteinberg at gmail.com
Fri Jun 12 09:18:41 EDT 2015 

It seems like the problem is that for some reason, Jabber thinks the DNS
server is the voicemail server.  So it is performing a SSO check with the
DNS server and that fails.

Any idea why Jabber would be doing this ?

On Thu, Jun 11, 2015 at 1:46 PM, Justin Steinberg <jsteinberg at gmail.com>
wrote:

> i've looked through it and i'm not sure where it is going wrong.   It
> doesn't help that the file is 15,000 or so lines long for a three minute
> login :)
>
> i've opened a case with Webex Messenger team and will probably do the same
> with Jabber/CUC.
>
> Justin
>
> On Thu, Jun 11, 2015 at 11:07 AM, Brian Meade <bmeade90 at vt.edu> wrote:
>
>> Probably worth pulling a problem report right after sign in.  It should
>> show the process of checking if SSO is enabled for Unity Connection.
>>
>> On Wed, Jun 10, 2015 at 4:33 PM, Justin Steinberg <jsteinberg at gmail.com>
>> wrote:
>>
>>> Thanks Chris, I checked all that out and it looks alright.
>>>
>>> In testing this afternoon, we've gotten the UCXN SSO to work on a couple
>>> occasions but it doesn't stay.  The Jabber client ends up not logging into
>>> voicemail and in the Jabber client File>Options>Accounts, it wants the user
>>> to enter their credentials.    Jabber shouldn't be allowing users to enter
>>> their credentials in the client with SSO enabled.
>>>
>>> I turned up samltrace to debug on UCXN and pulled the logs.  Jabber
>>> doesn't even seem to be hitting the UCXN server when it fails, it's like
>>> Jabber doesn't realize UCXN is SSO enabled.    I'm opening a case with
>>> Webex Messenger support to start, then will see where that goes.
>>>
>>> Justin
>>>
>>> On Wed, Jun 10, 2015 at 1:39 PM, Chris Clouse <Chris.Clouse at cdw.com>
>>> wrote:
>>>
>>>>  ·         Verify the following Unity Connection Services are started.
>>>>
>>>>     - Connection Jetty
>>>>       - Connection REST Service
>>>>
>>>> ·         Verify the class of service has Allow Users to Use the Web
>>>> Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client
>>>> and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail
>>>> enabled
>>>>
>>>>
>>>>
>>>> ·         Verify the Unity Connection API Settings are enabled (System
>>>> Settings->Advanced->API Settings)
>>>>
>>>>     - Allow Access to Secure Message Recordings through CUMI
>>>>       - Display Message Header Information of Secure Messages through
>>>>       CUMI
>>>>       - Allow Message Attachments through CUMI
>>>>
>>>> Also make sure that you don’t have
>>>>  <VoicemailService_UseCredentialsFrom>phone</VoicemailService_UseCredentialsFrom>
>>>> in your jabber-config.xml file as it will need to have a separate login for
>>>> the voicemail server versus CallManager.
>>>>
>>>>
>>>>
>>>> *~Chris*
>>>>
>>>>
>>>>
>>>> *From:* Justin Steinberg [mailto:jsteinberg at gmail.com]
>>>> *Sent:* Wednesday, June 10, 2015 12:30 PM
>>>> *To:* Chris Clouse
>>>> *Cc:* Cisco VOIP
>>>> *Subject:* RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>>>>
>>>>
>>>>
>>>> Yes I've done that.  The Unity Connection Web Inbox and UCM Self Care
>>>> Portal page both have functioning SSO.   It's just Jabber that won't
>>>> utilize SSO when using CUC.
>>>>
>>>> Justin
>>>>
>>>> On Jun 10, 2015 1:16 PM, "Chris Clouse" <Chris.Clouse at cdw.com> wrote:
>>>>
>>>>  In order for the phone services and voicemail to be connected via
>>>> SSO, CUCM and UCXN will also need to be enabled for SAML SSO on their own
>>>> as well as having the WebEx Messenger SSO.  I would recommend that you be
>>>> on 10.5+ even though it states supported with 10.0.
>>>>
>>>>
>>>>
>>>>
>>>> http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html
>>>>
>>>>
>>>>
>>>> *~Chris*
>>>>
>>>>
>>>>
>>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>>>> Behalf Of *Justin Steinberg
>>>> *Sent:* Wednesday, June 10, 2015 12:09 PM
>>>> *To:* Cisco VOIP
>>>> *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>>>>
>>>>
>>>>
>>>> Has anyone setup SSO in the hybrid Jabber deployment model?
>>>>
>>>> Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN.
>>>> We have enabled SSO for all three systems.  We can use SSO to login to
>>>> jabber and the UCM and UCXN end user self service web interfaces.    All
>>>> that seems OK and SSO is working.
>>>>
>>>> The problem is that once jabbers logs in to WebEx Messenger, it
>>>> requires the user to go into file>options and manually enter their
>>>> voicemail credentials.
>>>>
>>>> I expect that it should just SSO into WebEx messenger, UCM phone
>>>> services and UCXN voicemail services.
>>>>
>>>> Any thoughts?
>>>>
>>>> Justin
>>>>
>>>>
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150612/91678ab5/attachment.html>

More information about the cisco-voip mailing list