[cisco-voip] Jabber Mobile 11.7 don't Store SSo User Credential
Ankur Srivastava
ansrivastava at linkedin.com
Sat Oct 1 23:53:39 EDT 2016
Also you can't save any credentials because Jabber is not prompting for
login it's the ADFS which prompts for it. Jabber just opens a web-wrapper
and loads a http link for ADFS.
So there is no way for the Jabber client to know what credentials you
entered in that pop-up.
Regards,
Ankur
On Oct 2, 2016 09:19, "Ankur Srivastava" <ansrivastava at linkedin.com> wrote:
> Hi Alessandro,
>
> When you enable SSO then CUCM does not control the authentication process
> and at every login Expressway or CUCM will reach out to ADFS to confirm if
> the user is authorised or not.
>
> ADFS verifies the last SSO cookie to confirm whether it should allow the
> request or prompt for login. CUCM or Expressway can't control this behavior.
>
> So your users are being prompted for login because the SSO cookies expire
> and ADFS requests re-Authentication. You do not have any way to work around
> this. This is how SSO works.
>
> If you want less prompts you can increase the SSO timers on ADFS to not to
> expire for 2-3 days, but that will affect all SSO requests not just UC.
>
> Regards,
> Ankur
>
> On Oct 2, 2016 02:37, "Alessandro Bertacco" <bertacco.alessandro at alice.it>
> wrote:
>
> We have UC environment all in version 11.0 (CUCM, CUPS, CUC), and we use
> Jabber 11.7 on all platform, Windows, MAC, IOS and Android
>
>
>
> SSO authentication enabled using Microsoft ADFS 2.0 as IDP.
>
>
>
> SSO works fine from all devices, and on Windows Domain computer SSO User
> Credential are pushed directly from the Operating System to the SSO
> Infrastructure, so user need only to open Jabber Client and do nothing to
> login.
>
>
>
> Instead, from Jabber for mobile device, SSO authentication Works, inside
> and outside troughs Expressway C/E infrastructure but Users credential
> aren’t stored on mobile devices.
>
>
>
> So, every day, when user start up their Smartphone, Jabber presents SSo
> IDp popup that ask Users to authenticate. You understand that this make
> UnUsable Jabber Mobile, because users don’t want to be bored for
> Credentials every day.
>
>
>
> I’ve also opened a TAC but Engineer don’t find the route cause.
>
>
>
> Someone of you have a working implementations of SSO Authentication
> Infrastructure with Jabber Mobile clients that store users credential and
> pass it automatically to IDP during the Jabber Login ?
>
>
>
> Can you help me or suggest something?
>
>
>
> This is make me crazy, and customer wants to rollback to SSO disabled. Is
> that the final solution?
>
>
>
> Thank you.
>
>
>
> Regards
>
>
>
> Alessandro
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20161002/e44348e1/attachment.html>
More information about the cisco-voip
mailing list