[cisco-voip] UC SSO question

Bernhard Albler bernhard.albler at gmail.com
Thu Oct 8 15:47:13 EDT 2015 

do you use a different hostname for the outside idp?
to take into account:
1) is it kerberos / iwa on the inside?
2) outside it will likely be ntlm and you need extra config for IE and hence jabber to automatically send creds to a host
cheers
bernhard

--
Sent from a touchscreen device with impossibly small keys, please excuse any typos

> On 08 Oct 2015, at 20:50, Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com> wrote:
> 
> I use ADFS 2 and I'm exposing the same ADFS to the Internet with real IP through NAT configurations.
> 
> 
> 
> 
> 
> Best Regards
> 
> Ahmed Abd EL-Rahman
> Senior Network Engineer - BMB KSA
> 
> On Oct 8, 2015, at 5:01 PM, Bernhard Albler <bernhard.albler at gmail.com<mailto:bernhard.albler at gmail.com>> wrote:
> 
> It's going to depend on the OS platform on the client and on the IDP.
> What IDP are you using?
> If it is ADFS, do you use an ADFS Proxy or do you expose a normal ADFS server externally as well?
> 
> cheers
> bernhard
> 
> On Thu, Oct 8, 2015 at 3:44 PM, Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>> wrote:
> Are you using MRA for external logins?  If so, you can add the Identity Provider on the Expressway-C and then enable SSO on the Expressway-C and Expressway-E.
> 
> The Identity Provider has to be accessible externally though.
> 
> On Thu, Oct 8, 2015 at 8:32 AM, Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com<mailto:Ahmed.Rahman at bmbgroup.com>> wrote:
> Hi Gents,
> 
> I have configured all my UC 10.5 cluster services (including Cisco WebEx Meeting Server 2.5 MR5) for SSO. CUCM, Jabber desktop client, and WebEx access working correctly with SSO from the corporate LAN with PCs joined to the domain, which how it should work without having to re-enter any credentials when accessing these service.
> 
> My question is a laptop for example which already joined the domain is trying to access the UC services from outside the network (Jabber Desktop client and webex) as they are both configured with public access, should the SSO works with this laptop from outside exactly the same way as it works from corporate LAN so that the user doesn’t have to enter any credentials manually or it is normal to be prompted for credentials when he access from outside the corporate network ? I’m asking about SSO nature.
> 
> 
> 
> 
> 
> Best Regards
> 
> Ahmed Abd EL-Rahman
> Senior Network Engineer
> 
> 
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-voip
> 
> 
> 
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-voip
> 
> 
> 
> 
> --
> Bernhard Albler, +4369917207384
> --
> "Was Nachwelt! Wie komm' ich dazu was für die Nachwelt zu tun? Was hat denn die Nachwelt für mich getan?"
> --Carl Friedrich Zelter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20151008/79919419/attachment.html>

More information about the cisco-voip mailing list