[cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN

Justin Steinberg jsteinberg at gmail.com
Fri Jun 12 09:50:31 EDT 2015


I should also add this is intermittent.  Sometimes Jabber will connect
to Unity Connection just fine with SSO.  Sometimes it will try to connect
to the DNS servers (Show Connection Status shows the DNS server as
voicemail) and fail.  Sometimes it will try to connect to Unity Connection
but without SSO.

On Fri, Jun 12, 2015 at 9:18 AM, Justin Steinberg <jsteinberg at gmail.com>
wrote:

> It seems like the problem is that for some reason, Jabber thinks the DNS
> server is the voicemail server.  So it is performing a SSO check with the
> DNS server and that fails.
>
> Any idea why Jabber would be doing this?
>
> On Thu, Jun 11, 2015 at 1:46 PM, Justin Steinberg <jsteinberg at gmail.com>
> wrote:
>
>> I've looked through it and I'm not sure where it is going wrong.   It
>> doesn't help that the file is 15,000 or so lines long for a three minute
>> login :)
>>
>> I've opened a case with Webex Messenger team and will probably do the
>> same with Jabber/CUC.
>>
>> Justin
>>
>> On Thu, Jun 11, 2015 at 11:07 AM, Brian Meade <bmeade90 at vt.edu> wrote:
>>
>>> Probably worth pulling a problem report right after sign in.  It should
>>> show the process of checking if SSO is enabled for Unity Connection.
>>>
>>> On Wed, Jun 10, 2015 at 4:33 PM, Justin Steinberg <jsteinberg at gmail.com>
>>> wrote:
>>>
>>>> Thanks Chris, I checked all that out and it looks alright.
>>>>
>>>> In testing this afternoon, we've gotten the UCXN SSO to work on a
>>>> couple occasions but it doesn't stay.  The Jabber client ends up not
>>>> logging into voicemail and in the Jabber client File>Options>Accounts, it
>>>> wants the user to enter their credentials.    Jabber shouldn't be allowing
>>>> users to enter their credentials in the client with SSO enabled.
>>>>
>>>> I turned up samltrace to debug on UCXN and pulled the logs.  Jabber
>>>> doesn't even seem to be hitting the UCXN server when it fails, it's like
>>>> Jabber doesn't realize UCXN is SSO enabled.    I'm opening a case with
>>>> Webex Messenger support to start, then will see where that goes.
>>>>
>>>> Justin
>>>>
>>>> On Wed, Jun 10, 2015 at 1:39 PM, Chris Clouse <Chris.Clouse at cdw.com>
>>>> wrote:
>>>>
>>>>> - Verify the following Unity Connection Services are started.
>>>>>
>>>>>     - Connection Jetty
>>>>>     - Connection REST Service
>>>>>
>>>>> - Verify the class of service has Allow Users to Use the Web
>>>>> Inbox and RSS Feeds, Allow Users to Access Voice Mail Using an IMAP Client
>>>>> and/or Single Inbox, Allow Users to Use Unified Client to Access Voice Mail
>>>>> enabled
>>>>>
>>>>> - Verify the Unity Connection API Settings are enabled
>>>>> (System Settings->Advanced->API Settings)
>>>>>
>>>>>     - Allow Access to Secure Message Recordings through CUMI
>>>>>     - Display Message Header Information of Secure Messages through
>>>>>       CUMI
>>>>>     - Allow Message Attachments through CUMI
>>>>>
>>>>> Also make sure that you don’t have
>>>>>  <VoicemailService_UseCredentialsFrom>phone</VoicemailService_UseCredentialsFrom>
>>>>> in your jabber-config.xml file as it will need to have a separate login for
>>>>> the voicemail server versus CallManager.
>>>>>
>>>>>
>>>>>
>>>>> *~Chris*
>>>>>
>>>>>
>>>>>
>>>>> *From:* Justin Steinberg [mailto:jsteinberg at gmail.com]
>>>>> *Sent:* Wednesday, June 10, 2015 12:30 PM
>>>>> *To:* Chris Clouse
>>>>> *Cc:* Cisco VOIP
>>>>> *Subject:* RE: [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>>>>>
>>>>>
>>>>>
>>>>> Yes I've done that.  The Unity Connection Web Inbox and UCM Self Care
>>>>> Portal page both have functioning SSO.   It's just Jabber that won't
>>>>> utilize SSO when using CUC.
>>>>>
>>>>> Justin
>>>>>
>>>>> On Jun 10, 2015 1:16 PM, "Chris Clouse" <Chris.Clouse at cdw.com> wrote:
>>>>>
>>>>>  In order for the phone services and voicemail to be connected via
>>>>> SSO, CUCM and UCXN will also need to be enabled for SAML SSO on their own
>>>>> as well as having the WebEx Messenger SSO.  I would recommend that you be
>>>>> on 10.5+ even though it states supported with 10.0.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/10_0_1/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for/CUCM_BK_SB003832_00_saml-sso-deployment-guide-for_chapter_010.html
>>>>>
>>>>>
>>>>>
>>>>> *~Chris*
>>>>>
>>>>>
>>>>>
>>>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>>>>> Behalf Of *Justin Steinberg
>>>>> *Sent:* Wednesday, June 10, 2015 12:09 PM
>>>>> *To:* Cisco VOIP
>>>>> *Subject:* [cisco-voip] Hosted Jabber, SSO and onprem UCM and UCXN
>>>>>
>>>>>
>>>>>
>>>>> Has anyone set up SSO in the hybrid Jabber deployment model?
>>>>>
>>>>> Customer has hosted WebEx Messenger Jabber, on-prem CUCM, and UCXN.
>>>>> We have enabled SSO for all three systems.  We can use SSO to login to
>>>>> Jabber and the UCM and UCXN end user self service web interfaces.    All
>>>>> that seems OK and SSO is working.
>>>>>
>>>>> The problem is that once Jabber logs in to WebEx Messenger, it
>>>>> requires the user to go into file>options and manually enter their
>>>>> voicemail credentials.
>>>>>
>>>>> I expect that it should just SSO into WebEx messenger, UCM phone
>>>>> services and UCXN voicemail services.
>>>>>
>>>>> Any thoughts?
>>>>>
>>>>> Justin
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>
>>>>
>>>
>>
>