https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756767#M13205 <P>In the case of Jabber/CUCM/Expressway deployment, during the initial connection between the Jabber client and the Expressway Edge server, there is a key/cert exchange/handshake that creates a secure communications channel between the two. At this point Jabber client securely passes credentials to the Expressway Edge, and it passes these through to the Expressway Core, the Core then provides the credentials to the CUCM server (which in turn challenges the authentication against its local user database or LDAP, whichever is in use) and then returns an Authenticated message&nbsp;to the Expressway Core, which sends it to the Expressway Edge, which in turn tells the Jabber client it has successfully authenticated.</P><P>This leaves out some of the deeper technical details, but does this answer your question?</P><P>Also, the statements above can be different for a VCS (not Expressway Series) deployment as there are multiple authentication options. This would also be regarding endpoints and Jabber Video for TelePresence, and not "regular" Jabber.</P> Wed, 23 Sep 2015 18:41:40 GMT shawnangelo 2015-09-23T18:41:40Z https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756766#M13204 <P>Hello</P><P>Could someone help with the following question?</P><P>When does a&nbsp;Jabber client get&nbsp;authenticated?&nbsp;</P><P>My understanding is that when a Jabber device on the Internet accesses (to log on) the&nbsp;expressway-E, &nbsp;only the server (Expressway-E) is authenticated (using the public CA certificate in the Jabber device).</P><P>Is this correct? If yes, does the Jabber device/user get authenticated when the device attempts to register with the CUCM &nbsp;?&nbsp;</P><P>&nbsp;</P><P>Thanks in advance,</P><P>/Baktha</P><P>Dimension Data.</P> Mon, 18 Mar 2019 00:32:07 GMT https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756766#M13204 baktha.muralidharan 2019-03-18T00:32:07Z https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756767#M13205 <P>In the case of Jabber/CUCM/Expressway deployment, during the initial connection between the Jabber client and the Expressway Edge server, there is a key/cert exchange/handshake that creates a secure communications channel between the two. At this point Jabber client securely passes credentials to the Expressway Edge, and it passes these through to the Expressway Core, the Core then provides the credentials to the CUCM server (which in turn challenges the authentication against its local user database or LDAP, whichever is in use) and then returns an Authenticated message&nbsp;to the Expressway Core, which sends it to the Expressway Edge, which in turn tells the Jabber client it has successfully authenticated.</P><P>This leaves out some of the deeper technical details, but does this answer your question?</P><P>Also, the statements above can be different for a VCS (not Expressway Series) deployment as there are multiple authentication options. This would also be regarding endpoints and Jabber Video for TelePresence, and not "regular" Jabber.</P> Wed, 23 Sep 2015 18:41:40 GMT https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756767#M13205 shawnangelo 2015-09-23T18:41:40Z https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756768#M13206 <P>Shawn,</P><P>Thank you for the reply/answer!&nbsp;It helps.&nbsp;Guess the client authentication sort of, doesn't happen as part of the initial TLS handshake (between the Jabber device and expressway-E).</P><P>/Baktha</P> Wed, 23 Sep 2015 19:10:03 GMT https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756768#M13206 baktha.muralidharan 2015-09-23T19:10:03Z https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756769#M13207 <P>Hi,</P><P>You can refer to this document I wrote to under more detail about the whole jabber MRA process..</P><P><A href="https://supportforums.cisco.com/document/12302441/jabber-mracollaboration-edge-detailed-call-fow">https://supportforums.cisco.com/document/12302441/jabber-mracollaboration-edge-detailed-call-fow</A></P> Thu, 08 Oct 2015 20:10:07 GMT https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756769#M13207 Ayodeji Okanlawon 2015-10-08T20:10:07Z https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756770#M13208 <P>Thanks Ayodeji, for the very useful document!</P> Fri, 09 Oct 2015 01:00:37 GMT https://community.cisco.com/t5/collaboration-applications/client-authentication-in-collaboration-edge-mra/m-p/2756770#M13208 baktha.muralidharan 2015-10-09T01:00:37Z