topic Re: Jabber Windows OAuth in Collaboration Applications

Jabber Windows OAuth

test60 — Fri, 16 Oct 2020 21:19:12 GMT

expert,

If we just need to make sure password change on AD reflect to Jabber Desktop/Windows ( reduce the helpdesk call to reset Jabber password) ,we just need to enable Jabber OAuth ? and no need SSO?

Also when we enable "Jabber OAuth" and disable it back, is there any impact to certificate or anything?

thanks,

Re: Jabber Windows OAuth

Jaime Valencia — Fri, 16 Oct 2020 22:18:00 GMT

I don't think you understand what OAuth is, based on what you're asking and how you're phrasing it, suggest you thoroughly review this doc:

https://community.cisco.com/t5/collaboration-voice-and-video/understanding-oauth-and-mra/ta-p/4069744

And spend some time on google searching resources on OAuth Vs. SSO and then, come back and rephrase your question if needed if you still have doubts after doing some research on OAuth and SSO.

Re: Jabber Windows OAuth

Roger Kallberg — Sat, 17 Oct 2020 08:18:58 GMT

Jabber as such in a CM integration does not have it’s own password. At least if you’re using LDAP directory synchronisation and authentication in CM. Based on your phrasing I assume this is what you have.

As Java wrote you need to do some studies on the topic around OAuth and SSO.

Re: Jabber Windows OAuth

test60 — Mon, 19 Oct 2020 15:24:17 GMT

hi Jamie/Roger.

I use LDAP for Jabber windows, but still every 3 months , when user change Outlook AD password. Jabber will then ask for update on new password for "Contact Service" and "Phone Services'.

I hear Jabber Oauth will fix this issue? so whatever we change on Outlook AD password, will automatically reflect to Jabber "Phone service".

thanks,

Re: Jabber Windows OAuth

test60 — Mon, 19 Oct 2020 15:25:51 GMT

hi Roger,

I understand this & used LDAP. However when you change 3 months password on Outlook AD, Jabber will still ask for new password.

Thanks,

Re: Jabber Windows OAuth

test60 — Mon, 19 Oct 2020 17:23:56 GMT

Have you done Jabber Oath before?

Re: Jabber Windows OAuth

test60 — Mon, 19 Oct 2020 17:42:11 GMT

Thank you Jaime, i read the doc, it answer my question. Actually my scenario is to automatically update "Phone service" password, wjoch is done by token per the explanation.

Re: Jabber Windows OAuth

Roger Kallberg — Mon, 19 Oct 2020 18:29:01 GMT

Yes we use SSO with OAuth refresh tokens. What you describe is the expected experience without SSO. If you enable SSO you won’t get the save user credentials in Jabber, this is what is triggering the need to update the credentials after password change in AD.

Re: Jabber Windows OAuth

Roger Kallberg — Mon, 19 Oct 2020 18:45:03 GMT

Without SSO your not going to get much change in user UX. When the OAuth token expires after a password change the user would still need to provide the new password.

Re: Jabber Windows OAuth

test60 — Mon, 19 Oct 2020 21:41:36 GMT

hi Roger,

Thanks. However in this document from Jaime, https://community.cisco.com/t5/collaboration-voice-and-video/understanding-oauth-and-mra/ta-p/4069744.

It said , after we enable OAuth ( no need SSO) , then we will not need to update credentials anymore after password change.

So just confirm, do we need OAuth + SSO or just OAuth for that?

Thanks.

Re: Jabber Windows OAuth

Roger Kallberg — Tue, 20 Oct 2020 05:50:32 GMT

From what I know you would need to provide the credentials initial once OAuth is setup and any time after the password has changed when the OAuth token expires. That is if you don’t also have SSO setup. With SSO this becomes seamless to the user with no need to update any credentials.

I read the document before and now again one more time and I can’t find any mention of the part you reference, aka that it says no need for SSO to not need to update password. Would you mind to point out the specific part where you see that?

Depending upon your setup of SSO and what platform you would use Jabber on the UX for the initial login with SSO might be slightly different.

Re: Jabber Windows OAuth

test60 — Tue, 20 Oct 2020 23:52:58 GMT

hi Roger,

what can cause token to expired after initial setup ? as I dont have SSO.

tks

Re: Jabber Windows OAuth

Roger Kallberg — Wed, 21 Oct 2020 05:07:55 GMT

The token has a lifetime. If using refresh tokens it’s by default set to expire after 60 days. If you don’t use refresh tokens it would be much shorter lifespan as then it’s an access token. I believe it has a default lifetime of 60 minutes, but not totally sure.